On Sat, Feb 25, 2023 at 15:46 David Sommerseth <[email protected]>
wrote:
>
>
> On 24/02/2023 00:20, Bo Berglund wrote:
> [...snip...]
>
> I'll let others follow up on the easy-rsa usage.
>
> >> This renewed certificate uses the original entity private key.
> >
> > This expiration business, does it apply only to crt files?
> > With all other files remaining the same over time?
>
> Yes. The certificate files (".crt") are basically a public key with
> some meta data and a signature done by the CA. This signature is there
> to ensure the meta data has not been modified after the certificate was
> issued.
>
> The meta data is information about who the certificate belongs to
> (Certificate Subject), validity (start/end dates; hereby the expiry
> dates), who signed the certificate and the intended usage for this
> public key.
>
> The signature in a certificate can be validated by having a copy of the
> public key of the CA, hence you have the CA certificate distributed.
>
> By keeping the private key the same, the public key (which is derived
> from the private key) stays the same. And when keeping the meta data
> the same - with the exception of the expiry time, it is basically just
> the validity and CA signature which changes in the certificate.
>
> In that context, you can basically say that the Certificate Signing
> Request (the ".csr" file) is the public key + some meta data which the
> CA signs, which then has the certificate (".crt") as the output. During
> the signing process, the CA verifies the suggested meta data. But the
> CA may decide to modify this information before signing it. The only
> thing the CA cannot change, is the public key attached to the CSR.
>
>
> --
> kind regards,
>
> David Sommerseth
> OpenVPN Inc
>
> _______________________________________________
> Openvpn-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
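Added example, not part of the original thread and not easy-rsa's own code: the renewal described above, reproduced with plain openssl so the unchanged and changed parts can be compared directly. The names Demo-CA and client1, the serial numbers and the lifetimes are constructed for the demo, and it assumes an openssl binary with its default configuration file installed.

```shell
#!/bin/sh
# Constructed demo: sign the same CSR twice ("original" and "renewal") and
# compare what stays the same and what changes between the two certificates.
renewal_demo() (
    set -e
    d=$(mktemp -d)
    trap 'rm -rf "$d"' EXIT
    cd "$d"

    # CA private key and self-signed CA certificate (constructed name).
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -subj "/CN=Demo-CA" -days 3650 2>/dev/null

    # Entity private key and CSR: public key plus the requested meta data.
    openssl req -newkey rsa:2048 -nodes -keyout client1.key -out client1.csr \
        -subj "/CN=client1" 2>/dev/null

    # Original issue, then a renewal from the same CSR (same private key).
    openssl x509 -req -in client1.csr -CA ca.crt -CAkey ca.key \
        -set_serial 1 -days 30 -out old.crt 2>/dev/null
    openssl x509 -req -in client1.csr -CA ca.crt -CAkey ca.key \
        -set_serial 2 -days 825 -out new.crt 2>/dev/null

    # Public key as derived from the private key, the CSR and both certs.
    k_key=$(openssl pkey -in client1.key -pubout)
    k_csr=$(openssl req -in client1.csr -noout -pubkey)
    k_old=$(openssl x509 -in old.crt -noout -pubkey)
    k_new=$(openssl x509 -in new.crt -noout -pubkey)
    [ "$k_key" = "$k_csr" ] && [ "$k_csr" = "$k_old" ] && \
        [ "$k_old" = "$k_new" ] && pub=same || pub=differs

    # Subject is unchanged; the expiry date is what the renewal replaces.
    [ "$(openssl x509 -in old.crt -noout -subject)" = \
      "$(openssl x509 -in new.crt -noout -subject)" ] && subj=same || subj=differs
    [ "$(openssl x509 -in old.crt -noout -enddate)" = \
      "$(openssl x509 -in new.crt -noout -enddate)" ] && end=same || end=differs

    # Both signatures validate against the distributed CA certificate.
    openssl verify -CAfile ca.crt old.crt new.crt >/dev/null 2>&1 \
        && ver=ok || ver=failed

    echo "pubkey=$pub subject=$subj enddate=$end verify=$ver"
)

renewal_demo
```

Because old.crt still verifies until its own expiry date, issuing the renewal does not by itself invalidate the earlier certificate.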