Thank you for the answers and confirmations, they were very useful and clear. Just tested the file generation and the change of algorithm and key length worked from the vars file as expected.
Mika On Mon, Jun 17, 2024 at 3:24 PM Jochen Bern <jochen.b...@binect.de> wrote: > On 17.06.24 23:29, Mika Laitio wrote: > > But what information I will need from the server side to generate the > > keys. Unless there are restrictions in algorithm used or key length? > > (FWIW, the server admin asking for your "credentials" isn't quite enough > to convince me that he is in fact thinking of X.509 certs based auth, > rather than a shared secret (what OpenVPN calls "static key") or the > --auth-user-pass option ...) > > Even though you can stuff most of the details a cert can carry into your > CSR, a CA signing your CSR doesn't need to copy *anything* other than > your public key into the cert it creates. (In particular, he SHOULD NOT > let you choose the CN for the cert, as he is supposed to ascertain that > it's unique.) Assume that if he were *not* planning to override *every* > detail he can, he would have suggested which params and values you > should ponder for longer than it takes you to reach for your random > generator. > > > On Mon, Jun 17, 2024 at 1:47 PM Antonio Quartulli <a...@unstable.cc<mailto: > a...@unstable.cc>> wrote: > >> On 17/06/2024 22:33, Mika Laitio wrote: > >>> So I would need to be connected to an openvpn server not hosted by me > >>> and the owner of the server asked me to send my credentials for the > >>> server key. At the moment I do not know the name of the server, > ca-files > >>> of it or anything. I believe that once I send my public key, he can > then > >>> generate the configuration file for me that I can use to connect to the > >>> server. (.opni) > >> > >> There are two ways to achieve this: > >> 1) the admin generates the certificate/private key pair for you and send > >> it over along with the config > >> 2) you generate the public/private key pair and then you create a CSR > >> (Certificate Signature Request) which you send over to the admin. > >> > >> IMHO your admin is asking to follow 2). Thus he wants you to create your > >> key pair and a CSR, so that he can then create the certificate for you. > > Kind regards, > -- > Jochen Bern > Systemingenieur > > Binect GmbH > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users >
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
