Michuelnik

Asked: 2012-07-19 07:43:46 +0800 CST2012-07-19 07:43:46 +0800 CST 2012-07-19 07:43:46 +0800 CST

OpenVPN without Root-CA

Simple OpenVPN Setup with SSL Authentication.

SSL-Setup: Root-CA > Intermediate-CA > Issuing-CA

All certificates (vpn-server and -clients) are issued by the "Issuing-CA".

I tried to use the certificate of the Issuing-CA as OpenVPN ca ca.pem parameter in the openvpn (server- and client-) config.

This did not work.

I had to add the complete certificate chain to the ca.pem. Then it worked.

I thought the ca parameter specifies trusted CAs. I do not want to include the whole certificate chain since I do not see the necessity for this! Contrary - this seems dangerous to me - since the Root-CA and the Intermediate CA can issue certificates for CNs that are used in the VPN! I would classify this as a security risk.

Is there a way to set a trust anchor to a non-root-CA?

OpenVPN without Root-CA

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

OpenVPN without Root-CA

0 Answers