[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

dns interceptors

Subject: dns interceptors
From: charles at knownelement.com (charles at knownelement.com)
Date: Mon, 15 Feb 2010 04:08:26 +0000

Yes. Easy rsa is the way to go. 

They are normal certs. Check the scripts if you want to roll your own openssl wrapper scripts. 


------Original Message------
From: Larry Brower
To: nanog at nanog.org
Subject: Re: dns interceptors
Sent: Feb 14, 2010 7:44 PM

Randy Bush wrote:
> end user to network
>
> having probs with certs, i.e. what --outform it wants.  not finding in
> docs.  tried raw, but now guessing pem.  same for client and server
>
> server
>   ca.crt
>   server.crt
>   server.key
>
> client
>   ca.crt
>   client.crt
>   client.key
>
> and i presume i have to dump all client.crt files in the server's
> ../openvpn dir, but under what names?  or does it just wantonly trust
> anyone under that ca?
>
> randy
>
>   
What error is getting logged?

They are just normal cert's and should be in the keys directory under 
openvpn's user directory.

OpenVPN includes scripts that can make the certificates for you under 
the directory easy-rsa





Sent via BlackBerry from T-Mobile

Prev by Date: Time out for a terminology check--"resolver" vs "server".
Next by Date: dns interceptors
Previous by thread: dns interceptors
Next by thread: dns interceptors [SEC=UNCLASSIFIED]
Index(es):
- Date
- Thread