27 Oct
2015
27 Oct
'15
4:15 p.m.
When using openvpn, you should be establishing trust in both
directions. The server needs to know you are who you say you are.
You also need to know that the openvpn server is who it says it is and
not an impostor. In the first direction, trust is established using
your end-user LotW cert and verified by the server using the LotW root
CA cert. In the other direction, you need a way to verify the
server's certificate should be trusted. However, LotW doesn't sign
server certs, so he had to create a server cert himself. He's giving
you the CA cert file that was used to sign his server cert.
Not too confusing, right? ;)
On Tue, Oct 27, 2015 at 12:54 PM, Tom SP2L <SP2L(a)wp.pl> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
On 27/10/15 20:19, Roland Schwarz wrote:
My lotw cert is_not_ signed by this CA
Hello Roland.
Also my LoTW callsign certificate
___IS NOT signed___ by amprnet-vpn-ca.crt
Yes, you're right:
amprnet-vpn-ca.crt is NOT LoTW certificate!
I use AMPRNet VPN quite a while, almost two years
on various operating systems: Windows XP, Windows 7/32b
Windows 8/64b, Debian 7.7, Debian-8 and also Android 5.1.1
NEVER needed any of the root CA certificates form LoTW.
Everything prepared accordingly to nice manual
by Hessu OH7LZB on [44] AMPRNet VPN wiki page.
Personally I do not use any Network Manager
to maintain AMPRNet VPN connections,
(in fact, ANY connections at all), Hi!
Instead, I start client VPN by means of few shortcuts
prepared by myself and placed on the Desktop.
If you'll be interested I may send small archive
containing files I am talking about.
Best regards.
--
Tom - SP2L
------------------------------------
It is nice to be important.
But it is more important to be nice!
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net