It is a long time since I played with OpenVPN, but to put it simply:
The result should be to have the LotW intermediate certificates as CAs into
your OpenVPN setup, and your LotW certificate as the server certificate,
together with its private key.
Any client with a LotW certificate connecting to your server would be
validated.
Something like this...
-----Original Message-----
From: Steve L
Sent: Thursday, March 17, 2016 21:09
To: 44net(a)hamradio.ucsd.edu
Subject: Re: [44net] OpenVPN
While I appreciate the responses from everyone, no one is really
explaining this in a nice step by step manner that I need. I suspect
it's because everyone is trying to help me learn it rather than give me
the answer. The problem is the terminology compounded by extraneous
info.
________________________________
If you want to use LotW keys, you CAN NOT generate any keys.
Let me motivate:
Well it's not working. I am real close to throwing in the towel and
moving on to a different project.
- LotW has a CA certificate, and its private key.
- using those, it generates some intermediate certificates, public and
private keys.
- using those intermediate certificates, it generates the public and
private keys for the user which are sent to him.
I understand all this.
To generate user keys, you NEED the private keys of the intermediate
certificates, which you do not have. These are needed to sign the newly
generated keys.
I think of this as two parts, client and server. Maybe that's the
wrong way to look at it, but either way user keys equates to me as
client keys, which has already been documented in a simple manner.
I don't need the private keys because A.) I am not asking about the
user/client end of this.
These are the related files in my server.conf file. I am asking
where/how do I get these so that my openvpn server can be accessed by
clients using the method documented in the wiki:
http://wiki.ampr.org/wiki/AMPRNet_VPN
ca.crt       server + all clients       Root CA certificate
ca.key       key signing machine only   Root CA key
dh{n}.pem    server only                Diffie Hellman parameters
server.crt   server only                Server Certificate
server.key   server only                Server Key
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
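
Added example, not part of the original thread: the script below builds a constructed stand-in hierarchy with the openssl command line and checks the point made at the top of the thread, that a server holding only the CA certificates accepts any certificate issued under them, while a certificate signed by a CA you generate yourself is rejected. All file names and subjects are hypothetical stand-ins, not real LotW files; it assumes openssl and mktemp are installed.

```shell
#!/bin/sh
# Constructed stand-in PKI (root -> intermediate -> leaf certificates).
# Every name and file here is hypothetical; none of it is a real LotW file.
set -e

# issue PREFIX SUBJECT EXTFILE [ISSUER_PREFIX]
# Creates PREFIX.key and PREFIX.crt; self-signed when no issuer is given.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    if [ -n "${4:-}" ]; then
        openssl x509 -req -in "$1.csr" -days 2 -extfile "$3" \
            -CA "$4.crt" -CAkey "$4.key" -CAcreateserial -out "$1.crt" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -days 2 -extfile "$3" \
            -signkey "$1.key" -out "$1.crt" 2>/dev/null
    fi
}

build_demo_pki() {
    printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$1/leaf.ext"
    issue "$1/root"   "/CN=Demo Root CA"         "$1/ca.ext"
    issue "$1/inter"  "/CN=Demo Intermediate CA" "$1/ca.ext"   "$1/root"
    issue "$1/server" "/CN=demo-server"          "$1/leaf.ext" "$1/inter"
    issue "$1/client" "/CN=demo-client"          "$1/leaf.ext" "$1/inter"
    # A home-made CA and a client certificate it signed: the result of
    # generating keys yourself instead of using the issued ones.
    issue "$1/rogue"  "/CN=Home-made CA"         "$1/ca.ext"
    issue "$1/fake"   "/CN=demo-client"          "$1/leaf.ext" "$1/rogue"
    # The file an OpenVPN "ca" directive points at: CA certificates only, no CA key.
    cat "$1/root.crt" "$1/inter.crt" > "$1/ca.crt"
}

# chain_ok CAFILE CERT: succeeds only if CERT chains to a CA in CAFILE.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
build_demo_pki "$d"
chain_ok "$d/ca.crt" "$d/server.crt" && echo "server.crt: accepted"
chain_ok "$d/ca.crt" "$d/client.crt" && echo "client.crt: accepted"
chain_ok "$d/ca.crt" "$d/fake.crt"   || echo "fake.crt: rejected"
```

Note that no ca.key is ever placed next to ca.crt: verification needs only the CA certificates, and the signing keys stay with whoever issued them.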