[prev in list] [next in list] [prev in thread] [next in thread] 

List:       leaf-devel
Subject:    Re: [leaf-devel] 6.0.1 issue with DNAT
From:       Boris <boris () cation ! de>
Date:       2017-01-05 15:53:37
Message-ID: 50abf580-a446-900c-cffb-e27fe37996c2 () cation ! de
[Download RAW message or body]

Hej Erich,

Am 03.01.2017 um 19:12 schrieb Erich Titl:
> Hi Boris
> 
> Am 03.01.2017 um 11:49 schrieb Boris:
>> Hej all,
>>
>>
>> I was missing those scripts, too. And as far that I remember, they are
>> even not in the easyrsa-package.
> 
> Please note that the easyrsa scripts themselves are kind of proof of 
> concept thingies and not intended for _real_ crucial certificate 
> handling. If it uses pkitool now wnd not openssh scripts anymore this 
> just shows that the openvpn developers decided to use a different tool.
> 
> I for myself have decided a long time ago to use some offline tool to 
> handle my certificates. It is better anyway to keep this tool away from 
> the target machine. It also prevented me from seeing this problem at all.

Thank you for your hint! My ca is historically grown with some keys and
it would be quite a lot of work to reconfigure all clients. I just
wanted to build 'quickly' a new key.

But yes, when I once discovered tinyca, I thought about managing the
keys externally on my desktop working horse. I'm waiting for the right
bad-weather-and-no-better-idea-weekend....

Which offline tool do you use?


Boris




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel
[prev in list] [next in list] [prev in thread] [next in thread]