That *was* practical; the theory is more complicated :-) Step-by-step is hard without knowing your platform, environment and requirements.Yes, thank you, this is good theoretical explanation. All I need now are practical examples :-) I understand that can be like reading mans for me for far more expirienced... :-( Hope somebody already implemented this and can share...
One problem is that most people who write on this are either hobbyists who don't deal with many certificates, or enterprise customers - who use fancy commercial software that is integrated with other systems. (LDAP/Active directory/even personnel systems.) Doesn't sound like you're either.
easyrsa seems to be a very simple wrapper around openssl. Good for getting started with certificates, not powerful enough for later on.
I don't use easyrsa - actually I use my own tools. So I'm not the one for details.
However, I recently looked at tinyca (it's now called tinyca2 in some places); it provides a GUI around openssl that you might find more intuitive than the openssl man pages -- which are not very approachable.
The forms seem pretty straightforward - but you still do need to know what to put in them. My previous note should help. And because it's based on openssl, they match what you expect from easyrsa - but with more options (like start and end dates)!
The recent linuxes all seem to have it in their distributions. Google tinyca2 for more information. There are plenty of tutorials to choose from.
Caveat: I haven't used TinyCa personally. Since it's based on openssl, you should be able to import your existing CA, and go forward from there.
Since you'll document your experience, perhaps YOU can contribute instructions for the next person !
Good luck. -- Timothe Litt ACM Distinguished Engineer -------------------------- This communication may not represent the ACM or my employer's views, if any, on the matters discussed.
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
