Help/advice request please.
Jon Radel
jon at radel.com
Mon Nov 16 23:01:10 UTC 2015
On 11/16/15 4:45 PM, Manas wrote:
> Hello Dave,
>
> I run a few openvpn servers on FreeBSD. I use https://openvpn.net/index.php/open-source/documentation/howto.html as my guide. Feel free to email me directly with any questions.
>
I was just looking at that one, not having setup OpenVPN from scratch in
a while now. Looks perfectly reasonable.
>
> But there is no guidance as to what the other field values should (or
> should
> not) be. Such as region/state etc.
Ooooo, nobody's let you in on the secret. :-( Those don't matter.
Make them whatever makes you happy, and that includes empty.
In a private CA world really the only field you have to worry about is
the Common Name. It's nice to set the other values to something
sensible, particularly if you're doing a private PKI for a large firm,
where it's handy to track contact information, etc., etc., as part of
the certificate, but that's all to keep the humans from getting
confused. Now, if you're getting your certs from another party, they'll
want you to either put in real values or leave the values blank,
depending on what they're certifying by signing your certificate, but
that's out of your scope.
--Jon Radel
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3890 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20151116/7927ce4d/attachment.bin>
More information about the freebsd-questions
mailing list