When I read these howto's
http://fedoraproject.org/wiki/Openvpn
http://library.linode.com/networking/openvpn/centos-5
on setting up an OpenVPN server, I see that only the last of the two have the step
. /etc/openvpn/easy-rsa/2.0/build-key-server server
Should that step also have been in the Fedora howto, or is it not required?
答案1
build-key-server is just a different type of key to use for OpenVPN. You could use any of the following and be ok
build-key mycert (no password protection)
build-key-pass mycert (with password protection)
build-key-pkcs12 mycert (PKCS #12 format)
build-key-server mycert (with nsCertType=server)
答案2
使用 easy-rsa 构建密钥有多种选择。使用“build-key-server”将证书构建为仅服务器证书 (nsCertType=server),并要求将“ns-cert-type server”放置在 OpenVPN 配置文件中。
要获得最全面的说明,请始终参考官方 OpenVPN 文档:
http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html