Hi, On Tue, Jan 09, 2024 at 11:14:26AM +0000, Peter Davis wrote: > 1- So, by using --auth-user-pass I can prevent excessive access to the server.
That depends on your definition of "excessive" and "prevent", but it
gives you more control on who can login, and when.
> 2- I want each department to have its own key, because if I want to revoke
> the key of one department, then there will be no problem for other
> departments. Is this a good idea?
What do you mean by "revoke the key of one department"? This question does
not make much sense, since there *is no* per-department key, if you do not
have per-department servers.
OTOH, you could work with multi-level CAs (root CA signs department CA,
department CA maintains all user certs for that department) - so in that
case, you could indeed revoke the department key. But before you even
think about going there, *read a good textbook* on X509 certificates.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
