When using openvpn, you should be establishing trust in both directions. The server needs to know you are who you say you are. You also need to know that the openvpn server is who it says it is and not an impostor. In the first direction, trust is established using your end-user LotW cert and verified by the server using the LotW root CA cert. In the other direction, you need a way to verify the server's certificate should be trusted. However, LotW doesn't sign server certs, so he had to create a server cert himself. He's giving you the CA cert file that was used to sign his server cert.
Not too confusing, right? ;)
On Tue, Oct 27, 2015 at 12:54 PM, Tom SP2L SP2L@wp.pl wrote:
On 27/10/15 20:19, Roland Schwarz wrote:
My lotw cert is _not_ signed by this CA
Hello Roland.
Also my LoTW callsign certificate
___IS NOT signed___ by amprnet-vpn-ca.crt
Yes, you're right: amprnet-vpn-ca.crt is NOT a LoTW certificate!
I have used AMPRNet VPN for quite a while, almost two years, on various operating systems: Windows XP, Windows 7/32b, Windows 8/64b, Debian 7.7, Debian-8 and also Android 5.1.1.
NEVER needed any of the root CA certificates from LoTW.
Everything was prepared according to the nice manual by Hessu OH7LZB on the [44] AMPRNet VPN wiki page.
Personally, I do not use any Network Manager to maintain AMPRNet VPN connections (in fact, ANY connections at all), Hi! Instead, I start the client VPN by means of a few shortcuts prepared by myself and placed on the Desktop.
If you're interested, I may send a small archive containing the files I am talking about.
Best regards.
-- Tom - SP2L
It is nice to be important. But it is more important to be nice!
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
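The two-direction trust described at the top of this thread can be reproduced with `openssl verify`. This is an added example, not part of the original messages: it builds two throwaway CAs as constructed stand-ins for the LotW root CA and the VPN operator's own CA (the role of amprnet-vpn-ca.crt), and every name and key in it is made up.

```shell
# Constructed demo: two independent CAs, one signing the client cert
# (LotW's role) and one signing the server cert (the VPN CA's role).
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {    # make_ca <name>: self-signed CA in $WORK/<name>.crt and .key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue() {      # issue <ca-name> <leaf-name>: leaf certificate signed by that CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.crt" 2>/dev/null
}

chains_to() {  # chains_to <ca-name> <leaf-name>: exit 0 if leaf verifies under CA
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

report() {     # print the verification result for one CA/leaf pair
  if chains_to "$1" "$2"; then
    echo "$2 verifies under $1"
  else
    echo "$2 does NOT verify under $1"
  fi
}

make_ca lotw-root-demo                      # stand-in for the LotW root CA
make_ca vpn-ca-demo                         # stand-in for amprnet-vpn-ca.crt
issue lotw-root-demo client-callsign-demo   # your end-user certificate
issue vpn-ca-demo vpn-server-demo           # the operator's server certificate

# What the client checks: the server cert against the VPN CA file.
report vpn-ca-demo vpn-server-demo
# What the server checks: the client cert against the LotW root.
report lotw-root-demo client-callsign-demo
# The cross-checks fail, which is expected and not a misconfiguration.
report vpn-ca-demo client-callsign-demo
report lotw-root-demo vpn-server-demo
```

In an OpenVPN client configuration this maps to the `ca` directive naming the CA that signed the server, while `cert` and `key` name your own certificate and private key.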