On Thu, 2009-07-16 at 13:50 -0700, Kyle Hamilton wrote:
> Create sub-CAs for each purpose, and have each device only
> authenticate its own CA's stuff (by making that subCA the CAfile).
> The root is a convenience at that point to be able to authenticate the
> entire chain of anything produced by it.
>
> -Kyle H
>
> On Wed, Jul 15, 2009 at 11:29 PM, stortoaranci<bid...@lucullo.it> wrote:
> >
> > Hi All,
> >
> > I just have a silly question on Openssl.
> >
> > I use a self-signed CA to sign several server/clients cert.
> >
> > For example I could use signed certs to implement an OpenVPN LAN and one
> > Wi-Fi RADIUS auth for different clients.
> >
> > The question is: "how to be sure that a client allowed to use the wifi does
> > not use the same cert on the OpenVPN LAN"?
> >
> > In other words, how could I segregate clients using the same CA?

@Kyle, one site using multiple CAs? Why not just create different authorizations with each specific cert? So, you would have a cert for the CA, a cert for the openVPN server, different client certs to be used with the openVPN service, etc.

Frans.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
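
The sub-CA layout Kyle describes (one sub-CA per purpose, each service's CAfile holding only its own sub-CA) can be checked with `openssl verify`; the script below is an added example, not part of the original thread. It assumes OpenSSL 1.1.1 or later, and the names root, vpn-ca, wifi-ca, vpn-client and wifi-client are constructed. The last check shows the case to avoid: with the root as CAfile, a Wi-Fi client that presents its own intermediate is accepted.

```shell
#!/bin/sh
# Added example: constructed names and throwaway keys, built in a scratch directory.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/ca.ext"
printf 'basicConstraints=critical,CA:FALSE\n' > "$W/leaf.ext"

csr() {  # csr <name>: new key and certificate request
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}
issue() {  # issue <name> <issuer> <extfile>: issuer signs name's request
  csr "$1"
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.crt" -CAkey "$W/$2.key" \
    -CAcreateserial -days 30 -extfile "$W/$3" -out "$W/$1.crt" 2>/dev/null
}

# Self-signed root.
csr root
openssl x509 -req -in "$W/root.csr" -signkey "$W/root.key" -days 30 \
  -extfile "$W/ca.ext" -out "$W/root.crt" 2>/dev/null
# One sub-CA per service, one client certificate under each.
issue vpn-ca root ca.ext;  issue vpn-client vpn-ca leaf.ext
issue wifi-ca root ca.ext; issue wifi-client wifi-ca leaf.ext

# What a service decides when its CAfile holds only its own sub-CA.
# -partial_chain lets openssl verify stop at a non-self-signed trust anchor.
verdict() {  # verdict <anchor> <cert>
  if openssl verify -partial_chain -CAfile "$W/$1.crt" "$W/$2.crt" >/dev/null 2>&1
  then echo accept; else echo reject; fi
}
# Same check with the root as CAfile and the peer supplying its intermediate.
verdict_root() {  # verdict_root <intermediate> <cert>
  if openssl verify -CAfile "$W/root.crt" -untrusted "$W/$1.crt" "$W/$2.crt" >/dev/null 2>&1
  then echo accept; else echo reject; fi
}

echo "vpn-ca only,  vpn-client:  $(verdict vpn-ca vpn-client)"
echo "vpn-ca only,  wifi-client: $(verdict vpn-ca wifi-client)"
echo "root trusted, wifi-client: $(verdict_root wifi-ca wifi-client)"
```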