Changes between Version 5 and Version 6 of EasyRSA3-OpenVPN-Howto
- Timestamp:
- 11/30/13 22:10:26 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
EasyRSA3-OpenVPN-Howto
v5 v6 27 27 ./easyrsa gen-req UNIQUE_NAME_HERE 28 28 }}} 29 A. Optionally, the private key can be left unencrypted on-disk with the additional `nopass` option after the name. This is '''not''' recommended unless automated VPN startup is required . Unencrypted private keys can be used by anyone who obtains a copy of the file.29 A. Optionally, the private key can be left unencrypted on-disk with the additional `nopass` option after the name. This is '''not''' recommended unless automated VPN startup is required; you may want this for your server keys, so keep this in mind. Unencrypted private keys can be used by anyone who obtains a copy of the file. Encrypted keys offer stronger protection, but will require the passphrase on initial use. 30 30 31 31 3. Send the request files from each entity to the CA system. This is not security sensitive, though it is wise to verify the received file matches the sender's copy if the transport is untrusted.