Changes between Version 10 and Version 11 of GettingStartedwithOVPN


Timestamp:
06/30/17 20:36:31 (13 months ago)
Author:
David Sommerseth
Comment:

--

  • GettingStartedwithOVPN

    v10 v11  
    1 
    21= OpenVPN - Getting started How-To =
    32
     
    8887
    8988'''BEWARE:'''
    90 One common mistake when setting up a new CA is to place all the CA files on the OpenVPN server.  DO '''''NOT''''' DO THAT!  A CA requires a private key which is used for signing the certificates your clients and servers will use.  If you loose control of your CA private key, you can no longer trust any certificates from this CA.  Anyone with access to this CA private key can sign new certificates without your knowledge, which then can connect to your OpenVPN server without needing to modify anything on the VPN server.   Place your CA files on a storage which can be offline as much as possible, only to be activated when you need to get a new certificate for a client or server.
     89One common mistake when setting up a new CA is to place all the CA files on the OpenVPN server.  [[span(style=background: #FFD0D0;padding-left: 6px; padding-right:6px;, DO '''''NOT''''' DO THAT! )]]  A CA requires a private key which is used for signing the certificates your clients and servers will use.  If you loose control of your CA private key, you can no longer trust any certificates from this CA.  Anyone with access to this CA private key can sign new certificates without your knowledge, which then can connect to your OpenVPN server without needing to modify anything on the VPN server.   Place your CA files on a storage which can be offline as much as possible, only to be activated when you need to get a new certificate for a client or server.
    9190
    9291The files you need to copy out from a CA are just 3 files for each client and server.
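
Review bot: The rewritten line (v11 line 89) still reads "If you loose control of your CA private key"; since this line is being replaced anyway, correct "loose" to "lose" in the same edit. The added span macro's style string is also spaced inconsistently ("padding-left: 6px; padding-right:6px;") and could be shortened to "padding: 0 6px;". The change comment is empty, so a one-line description saying that the warning was highlighted would help anyone reading the page history.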