Hi,
On 08/01/2024 13:11, Peter Davis wrote:
Hi,
If that's the only problem, then I can copy Easy-RSA again. When I generate one
key, I get a warning message to generate another.
When generating a certificate, you will sign it with the CA key.
If the CA key is gone, you won't be able to sign anything.
If you then say "ok, then I just generate a new CA", this means you also
have to distribute the new CA to everybody else.
For this reason you normally keep the CA key in a very secure place and
use it every time a new certificate has to be created.
May I suggest you to read a bit more about PKIs and x509?
These topics are "used" by OpenVPN, but they are generic and applicable
to different environments.
Cheers,
--
Antonio Quartulli
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
