Monday, September 22, 2008

Multiple Certificate Authorities on OpenVPN

I lost the CA key for an OpenVPN server I have. Not wanting to modify the configuration on an existing client, possibly taking it down, I realized I just need to use two certificate authorities. At first, I tried putting two CAs in the configuration file, but nothing. Then, I read that both certificates just have to be in the same file, so the ca.crt file just has two certificates in it.

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


That was it. Then, I just had to make sure new clients get the double certificate file, as the server's key was signed by the lost CA key.
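Why the two-certificate file works, as an added example that is not part of the original post: a certificate verifies if it chains to any CA in the file. The script assumes the openssl command line is installed; the names old-ca, new-ca, server and client are constructed, throwaway stand-ins for the lost CA, its replacement, and the certificates each one signed.

```shell
# Added example: throwaway CAs and certificates, generated in a temp dir.
# All names (old-ca, new-ca, server, client) are constructed for illustration.

new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null; }

make_ca() {  # make_ca <dir> <name>: self-signed CA certificate <name>.crt
  new_key "$1/$2.key"
  openssl req -new -x509 -key "$1/$2.key" -out "$1/$2.crt" -days 1 \
    -subj "/CN=$2" -config "$1/ca.cnf" 2>/dev/null
}

issue() {    # issue <dir> <ca> <name>: leaf certificate signed by <ca>
  new_key "$1/$3.key"
  openssl req -new -key "$1/$3.key" -out "$1/$3.csr" -subj "/CN=$3" \
    -config "$1/ca.cnf" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -out "$1/$3.crt" -days 1 2>/dev/null
}

check() {    # check <cafile> <cert>: prints ok or fail
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

demo() {
  local d; d=$(mktemp -d)
  # Minimal config so both CAs carry basicConstraints CA:TRUE on any openssl build.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
    '[dn]' 'CN=unused' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  make_ca "$d" old-ca; make_ca "$d" new-ca
  issue "$d" old-ca server      # server certificate was signed before the key was lost
  issue "$d" new-ca client      # new clients are signed by the replacement CA
  cat "$d/old-ca.crt" "$d/new-ca.crt" > "$d/ca.crt"   # the two-certificate file
  echo "bundle/server=$(check "$d/ca.crt" "$d/server.crt")" \
       "bundle/client=$(check "$d/ca.crt" "$d/client.crt")" \
       "new-only/server=$(check "$d/new-ca.crt" "$d/server.crt")" \
       "old-only/client=$(check "$d/old-ca.crt" "$d/client.crt")"
  rm -rf "$d"
}

demo
```

The two failing checks show why the combined file is needed on both sides: with only the new CA the server's certificate does not verify, and with only the old CA a newly issued client certificate does not verify.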
