Web lists-archives.com

Re: OpenVPN & Debian Stretch






On 09/05/2018 06:30 AM, Dan Purgert wrote:
Dan Ritter wrote:
On Wed, Sep 05, 2018 at 12:29:02AM -0000, Dan Purgert wrote:
Dan Ritter wrote:
On Tue, Sep 04, 2018 at 07:42:58PM -0400, Wayne Sallee wrote:
Has anyone set up OpenVPN with ssh-keygen -t rsa ?

Technically, you can do that.
ssh-keygen generates ssh keys, not x.509 certificates ...
An x.509 cert contains an RSA key signed by a CA. openssl can do
the signing, at which point you've half-reimplemented easy-rsa.

-dsr-
Sure - but it just seems silly to use ssh-keygen, then openssl to
convert it to the right format when openssl (or the easy-rsa wrapper
thereto) can do all the work for you in one go.


Ok, then it would be better to use openssl instead of ssh-keygen?

I'm looking at putting OpenVPN on an established server, and wondering if it is really nessesary to install easy-rsa when I already have established ways of generating ssh keys.

Wayne Sallee
Wayne@xxxxxxxxxxxxxxx
http://www.WayneSallee.com