Changes between Version 11 and Version 12 of EasyRSA3-OpenVPN-Howto
Timestamp: 12/17/13 23:12:01 (10 years ago)
EasyRSA3-OpenVPN-Howto
v11 v12 48 48 4. Send the request files from each entity to the CA system. This is not security sensitive, though it is wise to verify the received file matches the sender's copy if the transport is untrusted. 49 49 50 5. On the CA, import each entity request file, giving it an arbitrary "short name" as follows. Optionally, the imported request details can be displayed after importing. This basically just copies the request file into `reqs/` under the PKI dir.50 5. On the CA, import each entity request file, giving it an arbitrary "short name" as follows. This basically just copies the request file into `reqs/` under the PKI dir to prepare it for review and signing. 51 51 {{{ 52 52 ./easyrsa import-req /path/to/received.req UNIQUE_SHORT_FILE_NAME 53 53 }}} 54 54 55 6. Review the requestdetails if you wish, then sign it as one of the types: server or client.55 6. Review each request's details if you wish, then sign it as one of the types: server or client. 56 56 A. (optional) review the request: 57 57 {{{ 58 58 ./easyrsa show-req UNIQUE_SHORT_FILE_NAME 59 59 }}} 60 B. Sign as a client:60 B. If you are signing as a '''client''': 61 61 {{{ 62 62 ./easyrsa sign client UNIQUE_SHORT_FILE_NAME 63 63 }}} 64 C. Sign as a server:64 C. If you are signing as a '''server''': 65 65 {{{ 66 66 ./easyrsa sign server UNIQUE_SHORT_FILE_NAME 67 67 }}} 68 68 69 7. The CA returns the signed certificate , and includes the CA certificateunless the client already has it. This can be done over an insecure channel, though the client is encouraged to confirm the received CA cert is valid if the transport is untrusted.69 7. The CA returns the signed certificate produced in the above step, and includes the CA certificate (ca.crt) unless the client already has it. This can be done over an insecure channel, though the client is encouraged to confirm the received CA cert is valid if the transport is untrusted. 70 70 71 71 == DH Generation ==
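Review bot: Step 6 in the v12 text still words the request review as optional ("Review each request's details if you wish", "A. (optional) review the request"), although step 4 allows the request to arrive over an untrusted transport and step 5 no longer mentions displaying the imported details. Signing commits the CA to whatever subject the request carries, so I would present `./easyrsa show-req UNIQUE_SHORT_FILE_NAME` as a recommended step before either `sign` command, or at least say that it is the check that backs up step 4's advice to verify the received file. Step 7 has a similar gap: it encourages the recipient to "confirm the received CA cert is valid" without saying against what. Naming a concrete check would help, such as comparing the ca.crt fingerprint with a value obtained through a separate trusted channel. Step 7 also says "the client" while steps 6B and 6C cover both client and server requests, so "the requesting entity" would match the wording of steps 4 and 5.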