24 Oct
2015
24 Oct
'15
11:43 a.m.
Hey Roland,
I am still wondering if anyone can tell me which of
the three LoTW
root CA certificates is tested by OpenVPN, or if all three are being
tested?
Heikki Hannikainen previously mentioned in email that there are machine
certs, the primary cert for the root CA, and an intermediate cert. He
listed *three* specific bullet items in his email which correspond to
each of the three certificates that you mentioned (not necessarily in
that order though). So, though seemingly an overly complicated
implementation of certificates in the behalf of the ARRL, you need to
trust all three.
Since all three certificates can be downloaded and as
such look
"official" to me I am left with doubt that I can make my VPN work at
all since I got a cert that is signed by a different CA than Heikki
showed on the list.
Certs do get replaced from time to time and maybe they upgraded the
machine cert recently. Dunno. Maybe Hessu (Heikki) could add links to
specific certs he's been successful so that you can compare.
--David
KI6ZHD