Hello there. I've been looking, and failed to find any information in the networks.
A few openvpn certificates (server, and a client) just expired. I have extended them simply by re-signing them, using "easyrsa sign-req". This works fine, I only have to update the certificate for the server, and pass the client certificate to the client. (It might be useful to document this workflow somewhere) However, I am a bit perplexed by the existence of the option "renew". This appears to want to re-create private keys and everything. What is the intended usage of this? Also, why does it by default limit you to a 30 day windows for renewal? Why would I want to re-create the private/public keys when I'm only re-issuing a certificate? In particular, private keys should remain private and communicating a private key to a user is always a risk factor, but giving him a newly signed certificate to use (with his existing private key) is less of a problem. Also, is it possible to decouple the generation of private keypairs and generation of certification requests? Creating a new request, and getting a new certificate ought to be possible using the previously Cheers.
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
