'Re: [Openvpn-users] CA migration?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvpn-users
Subject:    Re: [Openvpn-users] CA migration?
From:       Bo Berglund <bo.berglund () gmail ! com>
Date:       2021-07-22 7:20:22
Message-ID: 8r6ifgl4cmom3a75a9tvltvn4nnslkptpp () 4ax ! com
[Download RAW message or body]

On Wed, 21 Jul 2021 10:57:50 +0200, Ralf Hildebrandt
<Ralf.Hildebrandt@charite.de> wrote:

>But how do I do this? Can I make openvpn accept client certificates
>from two CAs (the old and the new one)?

Why using a new certificate?
If you copy the files specified in the server.conf file on the old server to the
new server and use them there in that conf file all should just work...

My server.conf file looks like this regarding cryptography:

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem

By duplicating these files you are effectively running the new server instance
with the same certs and all client connections will be fine.
I have done this previously and found no problems.


-- 
Bo Berglund
Developer in Sweden



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic