Menu
▾
▴
Re: [Openvpn-users] Cert/key variables; same; different?
|
From: David S. <ope...@to...> - 2015-07-26 21:25:45
|
On 26/07/15 22:11, fm_...@xe... wrote: > When doing the build-ca, build-key, etc, you are asked to input the values of the following (even if defined in vars.bat, you have to confirm). My question is, considering server and clients, which of the parameters > -must be the same? > -may be the same? > -must be different? > -may be different? > > set KEY_COUNTRY= > set KEY_PROVINCE= > set KEY_CITY= > set KEY_ORG= > set KEY_EMAIL= > set KEY_CN= > set KEY_NAME= > set KEY_OU= All of these can be whatever you like. That is just strings which is presented in logs. The authentication happens on a cryptographic level, where the signature in a certificate must be valid when checked against a locally stored public CA key - which is the --ca certificate. > set PKCS11_MODULE_PATH= > set PKCS11_PIN= These are only valid/important if you use PKCS#11 tokens or smart cards, and must then be set to the proper drivers for the PKCS#11 technology of your choice. -- kind regards, David Sommerseth |
