Hi,

On Tue, Jan 09, 2024 at 11:33:22AM +0000, Peter Davis wrote:
> > What do you mean by "revoke the key of one department"? This question does
> > not make much sense, since there is no per-department key, if you do not
> > have per-department servers.
>
> In your company, you have 3 departments. One is the IT department,
> the other is the management department, and the last one is the
> supervision department. An employee in the supervision department
> shares a key with someone outside the company, and you want to block
> access to the server through that key. You must revoke the certificate
> of the supervision department. If each department has its own key,
> then this does not affect other departments.

Textbook, X.509, please.

*Departments* have no keys/certs. *Users* have keys/certs.

So if a *user* key is lost, you revoke that *user* key. Why would you
revoke the whole access for the department?

gert
--
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
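
Added example, not part of the original message or of OpenVPN's own tooling: a throwaway OpenSSL CA issues certificates to two users in the same department (OU), revokes only one of them, and verifies both against the resulting CRL. The user names alice and bob, the "Demo CA" subject and the ca.cnf layout are constructed for illustration.

```shell
#!/bin/sh
# Constructed throwaway PKI: two users in the same OU, only one revoked.
set -eu

demo_pki() {
  cd "$(mktemp -d)"
  mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
unique_subject = no
policy = pol
[ pol ]
organizationalUnitName = optional
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo CA" -keyout ca.key -out ca.crt 2>/dev/null
  for u in alice bob; do   # same department (OU), separate keys and certs
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/OU=supervision/CN=$u" -keyout "$u.key" -out "$u.csr" 2>/dev/null
    openssl ca -batch -config ca.cnf -in "$u.csr" -out "$u.crt" 2>/dev/null
  done
  openssl ca -config ca.cnf -revoke alice.crt 2>/dev/null   # the shared user key
  openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
}

# Prints "valid" or "rejected" for a user's certificate checked against the CRL.
check() {
  if openssl verify -CAfile ca.crt -CRLfile crl.pem -crl_check "$1.crt" >/dev/null 2>&1
  then echo valid; else echo rejected; fi
}

demo_pki
echo "alice: $(check alice)  bob: $(check bob)"
```

An OpenVPN server would consume the resulting crl.pem through its crl-verify option; the other user in the same OU keeps access because revocation is recorded per certificate serial.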