On Mon, 19 Oct 2015, Roland Schwarz wrote:
On 17.10.2015 at 20:48, Steve L wrote:
Does anyone know if OH7LZB ever documented anywhere how to set up the server end of the OpenVPN that validates using the LoTW CA?
The server end is stock openvpn, so you may use the openvpn config instructions / documentation to set it up. Nothing fancy.
I would be interested in particular which of the three different LoTW Root CAs is being used. I suspect my problems could come from having my cert signed by a different one than the tunnel is verifying against.
Hmm, they have multiple roots? The one I have has:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16695542736414145637 (0xe7b27ba978517c65)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
        Validity
            Not Before: Sep 15 16:31:12 2010 GMT
            Not After : Sep 12 16:31:12 2020 GMT
        Subject: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org

            X509v3 Subject Key Identifier:
                AE:00:0C:A4:88:83:B9:90:F5:CD:38:CC:E8:54:68:F4:4B:54:A1:EC
The client must be configured to provide the intermediate certificate.
- Hessu
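
Added example, not part of the original message or of the tunnel's own setup: a way to check with `openssl x509` and `openssl verify` who issued a client certificate, whether it chains to the root you expect, and why the intermediate has to be supplied. It builds a constructed throwaway PKI; all CNs, file names and the helper functions are assumptions, and no real LoTW certificates are involved.

```shell
#!/bin/sh
# Constructed throwaway PKI: rootA -> inter -> client, plus an unrelated rootB.
# All names and file paths are assumptions; no real LoTW certificates are used.
csr() {       # dir name CN: new key and signing request
    openssl req -config "$1/ca.cnf" -new -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}
selfsign() {  # dir name: self-signed root certificate
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 2 \
        -extfile "$1/ca.cnf" -extensions v3_ca -out "$1/$2.pem" 2>/dev/null
}
sign() {      # dir name issuer ext-section: certificate issued by <issuer>
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 2 -extfile "$1/ca.cnf" -extensions "$4" \
        -out "$1/$2.pem" 2>/dev/null
}
build_demo_pki() {  # dir
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = unused' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
        '[v3_leaf]' 'basicConstraints = CA:FALSE' > "$1/ca.cnf"
    csr "$1" rootA "Demo Root A" && selfsign "$1" rootA &&
    csr "$1" rootB "Demo Root B" && selfsign "$1" rootB &&
    csr "$1" inter "Demo Intermediate CA" && sign "$1" inter rootA v3_ca &&
    csr "$1" client "Demo Client" && sign "$1" client inter v3_leaf
}
issuer_of() {  # cert: print the issuer DN, i.e. who signed this certificate
    openssl x509 -noout -issuer -nameopt RFC2253 -in "$1" | sed 's/^issuer= *//'
}
chain_ok() {   # trusted-root leaf [intermediate]: 0 if leaf chains to that root
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
    else
        openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
    fi
}
report() {     # label, then chain_ok arguments
    label=$1; shift
    if chain_ok "$@"; then echo "$label: OK"; else echo "$label: FAIL"; fi
}

D=$(mktemp -d) && build_demo_pki "$D"
echo "client issued by: $(issuer_of "$D/client.pem")"
report "root A, no intermediate"   "$D/rootA.pem" "$D/client.pem"
report "root A, with intermediate" "$D/rootA.pem" "$D/client.pem" "$D/inter.pem"
report "root B, with intermediate" "$D/rootB.pem" "$D/client.pem" "$D/inter.pem"
```

Against real files, `issuer_of` on your own certificate and `chain_ok` against each candidate root shows which root it was actually signed under.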