Changes between Version 11 and Version 12 of EasyRSA3-OpenVPN-Howto


Timestamp:
12/17/13 23:12:01 (10 years ago)
Author:
JoshC
Comment:

Improve import & signing descriptions

  • EasyRSA3-OpenVPN-Howto

    v11 v12  
    48484. Send the request files from each entity to the CA system. This is not security sensitive, though it is wise to verify the received file matches the sender's copy if the transport is untrusted.
    4949
    50 5. On the CA, import each entity request file, giving it an arbitrary "short name" as follows. Optionally, the imported request details can be displayed after importing. This basically just copies the request file into `reqs/` under the PKI dir.
     505. On the CA, import each entity request file, giving it an arbitrary "short name" as follows. This basically just copies the request file into `reqs/` under the PKI dir to prepare it for review and signing.
    5151{{{
    5252./easyrsa import-req /path/to/received.req UNIQUE_SHORT_FILE_NAME
    5353}}}
    5454
    55 6. Review the request details if you wish, then sign it as one of the types: server or client.
     556. Review each request's details if you wish, then sign it as one of the types: server or client.
    5656  A. (optional) review the request:
    5757{{{
    5858./easyrsa show-req UNIQUE_SHORT_FILE_NAME
    5959}}}
    60   B. Sign as a client:
     60  B. If you are signing as a '''client''':
    6161{{{
    6262./easyrsa sign client UNIQUE_SHORT_FILE_NAME
    6363}}}
    64   C. Sign as a server:
     64  C. If you are signing as a '''server''':
    6565{{{
    6666./easyrsa sign server UNIQUE_SHORT_FILE_NAME
    6767}}}
    6868
    69 7. The CA returns the signed certificate, and includes the CA certificate unless the client already has it. This can be done over an insecure channel, though the client is encouraged to confirm the received CA cert is valid if the transport is untrusted.
     697. The CA returns the signed certificate produced in the above step, and includes the CA certificate (ca.crt) unless the client already has it. This can be done over an insecure channel, though the client is encouraged to confirm the received CA cert is valid if the transport is untrusted.
    7070
    7171== DH Generation ==
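
Review bot: The reworded step 6 still presents the pre-signing check as skippable ("Review each request's details if you wish", and "(optional)" on 6.A), even though the new step 5 text says the import exists "to prepare it for review and signing" and step 4 advises verifying the received file when the transport is untrusted. The CA operator's look at `./easyrsa show-req` output in 6.A is the natural place for that verification, so consider dropping "if you wish" and "(optional)" and pointing 6.A back at step 4. In the same spirit, the new step 7 wording keeps "confirm the received CA cert is valid" without saying how; naming a method, such as comparing the ca.crt fingerprint over a separate trusted channel, would make the advice actionable.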