While I appreciate the responses from everyone, no one is really explaining this in a nice step by step manner that I need. I suspect it's because everyone is trying to help me learn it rather than give me the answer. The problem is the terminology compounded by extraneous info.
If you want to use LotW keys, you CAN NOT generate any keys.
Let me motivate:
Well it's not working. I am real close to throwing in the towel and moving on to a different project.
- LotW has a CA certificate, and its private key.
- using those, it generates some intermediate certificates, public and private keys.
- using those intermediate certificates, it generates the public and private keys for the user which are sent to him.
I understand all this.
To generate user keys, you NEED the private keys of the intermediate certificates, which you do not have. These are needed to sign the newly generated keys.
I think of this as two parts, client and server. Maybe that's the wrong way to look at it, but either way user keys equates to me as client keys, which has already been documented in a simple manner.
I don't need the private keys because A.) I am not asking about the user/client end of this.
These are the related files in my server.conf file. I am asking where/how do I get these so that my openvpn server can be accessed by clients using the method documented in the wiki: http://wiki.ampr.org/wiki/AMPRNet_VPN

ca.crt      | server + all clients      | Root CA certificate
ca.key      | key signing machine only  | Root CA key
dh{n}.pem   | server only               | Diffie Hellman parameters
server.crt  | server only               | Server Certificate
server.key  | server only               | Server Key
It is a long time since I played with OpenVPN, but to put it simply:
The result should be to have the LotW intermediate certificates as CAs into your OpenVPN setup, and your LotW certificate as the server certificate, together with its private key. Any client with a LotW certificate connecting to your server would be validated.
Something like this...
-----Original Message-----
From: Steve L
Sent: Thursday, March 17, 2016 21:09
To: 44net@hamradio.ucsd.edu
Subject: Re: [44net] OpenVPN
On Thu, Mar 17, 2016 at 12:18 PM, Marius Petrescu marius@yo2loj.ro wrote:
It is a long time since I played with OpenVPN, but to put it simply:
The result should be to have the LotW intermediate certificates as CAs into your OpenVPN setup, and your LotW certificate as the server certificate, together with its private key. Any client with a LotW certificate connecting to your server would be validated.
Something like this...
It looks like you got cut off, so I'll finish it. ;)
Server Side:
ca.crt = The latest LotW Root CA cert
server.crt = Your personal LotW cert concatenated with the intermediate that signed it.
server.key = The private key associated with your personal cert
-OR-
server.p12 = A p12 cert bundle that has your personal cert, private key, and intermediate all in one file. (if your version of openssl supports this. It may require putting the file's encryption password in the config file so it can be opened by the program.)
Client side:
ca.crt = The latest LotW Root CA cert
client.crt = Their personal LotW cert concatenated with the intermediate that signed it.
client.key = The private key associated with their personal cert
-OR-
client.p12 = A p12 cert bundle that has their personal cert, private key, and intermediate all in one file. (if their version of openssl supports this. It may require putting the file's encryption password in the config file so it can be opened by the program.)
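
The file layout described in the reply above, as an added example that is not part of the original thread: it builds a constructed root, intermediate and personal certificate with openssl, then shows that the personal cert only validates against the root when the intermediate is concatenated after it, and that the key belongs to the cert. The names "Demo Root CA", "Demo Intermediate CA", "N0CALL", demo.cnf and the three function names are assumptions; real LotW files are issued by LotW and are not generated this way.

```shell
#!/bin/sh
# Added example: constructed Root -> Intermediate -> personal cert chain.
# Every name below is a placeholder standing in for the LotW files.

build_demo_chain() {   # $1 = empty work directory
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
        'commonName = Common Name' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' \
        'subjectKeyIdentifier = hash' > "$d/demo.cnf"
    # Stand-in for the root CA certificate (ca.crt on server and clients).
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
        -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/ca.crt" 2>/dev/null
    # Stand-in for the intermediate that signs personal certificates.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/ca.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/int.crt" 2>/dev/null
    # Stand-in for the operator's personal certificate and private key.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=N0CALL" -keyout "$d/server.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
    # server.crt = personal cert first, then the intermediate that signed it.
    cat "$d/leaf.crt" "$d/int.crt" > "$d/server.crt"
}

chain_ok() {   # $1 = trusted root, $2 = cert file to validate
    # The first cert in $2 is validated; any further certs in the same file
    # are offered as untrusted intermediates, the way a peer that only
    # trusts the root sees the extra certs it is sent.
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

key_matches_cert() {   # $1 = cert file, $2 = private key file
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

work=$(mktemp -d) && build_demo_chain "$work"
chain_ok "$work/ca.crt" "$work/leaf.crt"   || echo "personal cert alone: chain incomplete"
chain_ok "$work/ca.crt" "$work/server.crt" && echo "personal cert + intermediate: verifies"
key_matches_cert "$work/server.crt" "$work/server.key" && echo "server.key matches server.crt"
```

The same two checks can be run against real files before pointing an OpenVPN config at them, which catches a missing intermediate or a mismatched key without starting the daemon.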