Hi,

On Mon, Sep 04, 2023 at 11:29:58AM -0700, blz wrote:
> Shouldn't that be *ta.key*, not *ta.crt* ? I have never seen a ta.crt in all
> my years using OpenVPN. I have always known it to be a key file rather than
> a certificate. Searching online the only occurrences that I can find are
> random forums/SO/etc posts by people that may have mistyped or copied from
> another post; scanning through `man openvpn` I could not find any mention of
> a tls certificate as well, just keys.

Correct. tls-auth and tls-crypt use openvpn key files as input. No
certificate here.

tls-crypt-v2 is a bit more complicated, as it's a "signed key file", but
even then it's not a classic X509 certificate (".crt").

OTOH OpenVPN totally does not care how that file is named, you could
name the key file "cat.gif" and add

   tls-auth cat.gif

to your config... it will confuse readers, but as long as there is a
well-formed key *inside*, the file name is just that, "a name to the thing".

(Now I feel tempted, to create OpenVPN configs that reference to all the
things by weird names, --key dog.gif --cert mouse.gif --ca house.png)

gert
-- 
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
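The point made in the message above, that the content of a file and not its name decides what it is, as an added example (not part of the original message and not OpenVPN code): a Python check that classifies referenced files by their armor header and flags config options pointing at the wrong kind of material. The `classify` and `audit` helpers, the sample file contents and both sample configs are constructed for illustration; inline `<tls-auth>` blocks are not handled.

```python
import re

# PEM-style armor: the label between BEGIN and the dashes says what is inside.
ARMOR = re.compile(r"-----BEGIN ([^\n]+?)-----\n(.*?)\n-----END \1-----", re.S)

# Armor label -> config options that can legitimately be given that material.
ACCEPTS = {
    "OpenVPN Static key V1": {"tls-auth", "tls-crypt", "secret"},
    "OpenVPN tls-crypt-v2 client key": {"tls-crypt-v2"},
    "OpenVPN tls-crypt-v2 server key": {"tls-crypt-v2"},
    "CERTIFICATE": {"ca", "cert"},
    "PRIVATE KEY": {"key"},
}
OPTIONS = set().union(*ACCEPTS.values())

def classify(text):
    """Return the armor label found in the file content, or None."""
    m = ARMOR.search(text.replace("\r\n", "\n"))
    if not m:
        return None
    label, body = m.group(1), m.group(2)
    if label == "OpenVPN Static key V1":
        # A static key file carries 2048 bits (256 bytes) as hex text.
        if not re.fullmatch(r"[0-9a-fA-F]{512}", "".join(body.split())):
            return None
    if label.endswith("PRIVATE KEY"):  # RSA / EC / ENCRYPTED variants
        label = "PRIVATE KEY"
    return label

def audit(config, files):
    """files maps name -> content. Return (option, file, label) mismatches."""
    findings = []
    for line in config.splitlines():
        parts = re.split(r"[#;]", line)[0].split()  # drop comments
        if len(parts) < 2:
            continue
        opt, name = parts[0].lstrip("-"), parts[1]
        if opt not in OPTIONS or name not in files:
            continue
        label = classify(files[name])
        if opt not in ACCEPTS.get(label, ()):
            findings.append((opt, name, label))
    return findings

# Constructed sample data: dummy key bytes and a placeholder certificate body.
STATIC_KEY = ("#\n# 2048 bit OpenVPN static key\n#\n"
              "-----BEGIN OpenVPN Static key V1-----\n"
              + "\n".join(["0123456789abcdef" * 2] * 16)
              + "\n-----END OpenVPN Static key V1-----\n")
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
FILES = {"cat.gif": STATIC_KEY, "mouse.gif": CERT, "ta.crt": CERT}
GOOD = "tls-auth cat.gif 1\ncert mouse.gif\n"   # odd names, right content
BAD = "tls-auth ta.crt 1\n"                     # a real certificate given to tls-auth
```

`audit(GOOD, FILES)` reports nothing despite the `.gif` names, while `audit(BAD, FILES)` flags `ta.crt` because a certificate sits where a static key is expected.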