scarab, 2016-10-31 17:47:24

How does everyone name certificates for OpenVPN?

Good day, everyone.
What practices do you use when naming certificates, in particular for OpenVPN?
There are quite a few tunnels in our setup, and the same host can be a client for some tunnels and a server for others. In some places there are point-to-point tunnels and nothing else, but in others several hundred clients can connect to one server. All of this is generated on several dedicated CAs.
Accordingly, I would like to develop a practice for naming certificates so that one glance at the CN makes it clear which server and which tunnel it relates to, and it would also be nice to understand the role of the server in the connection.
Has anyone had such an experience?


2 answer(s)
CityCat4, 2016-10-31
@CityCat4

I usually use this scheme: (object)_(role)_(issued CA). The object is either the login for a user, or the hostname without the domain part for a server. The role is either client or server. The issued CA is the short name of the CA that issued the certificate. Previously, I used only (hostname) for servers, but in that case confusion really does arise.
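
The (object)_(role)_(issued CA) scheme from the answer above, written as a builder and checker that could run before signing or over a CA's index. This is an added example, not part of the answer. The function names, the allowed character sets and the lowercase normalisation are assumptions; the 64-character limit is the X.520 upper bound on commonName.

```python
import re

MAX_CN_LEN = 64  # X.520 upper bound for commonName (ub-common-name)
ROLES = ("client", "server")
# Assumption: CA short names contain no underscore, so the two rightmost
# "_" characters always delimit the role and the CA.
CA_RE = re.compile(r"^[a-z0-9-]+$")
OBJECT_RE = re.compile(r"^[a-z0-9][a-z0-9._-]*$")


def build_cn(obj, role, ca):
    """Build a CN as (object)_(role)_(issued CA)."""
    if role not in ROLES:
        raise ValueError(f"unknown role: {role!r}")
    if not CA_RE.match(ca):
        raise ValueError(f"bad CA short name: {ca!r}")
    obj = obj.lower()
    if role == "server":
        obj = obj.split(".", 1)[0]  # hostname without the domain part
    if not OBJECT_RE.match(obj):
        raise ValueError(f"bad object: {obj!r}")
    cn = f"{obj}_{role}_{ca}"
    if len(cn) > MAX_CN_LEN:
        raise ValueError(f"CN exceeds {MAX_CN_LEN} characters: {cn!r}")
    return cn


def parse_cn(cn):
    """Split a CN from the right, so logins containing "_" still parse."""
    parts = cn.rsplit("_", 2)
    if len(parts) != 3:
        raise ValueError(f"not object_role_ca: {cn!r}")
    obj, role, ca = parts
    if build_cn(obj, role, ca) != cn:
        raise ValueError(f"non-canonical CN: {cn!r}")
    return {"object": obj, "role": role, "ca": ca}


def audit(cns, expected_ca):
    """Return {cn: reason} for CNs that break the scheme or name another CA."""
    findings = {}
    for cn in cns:
        try:
            if parse_cn(cn)["ca"] != expected_ca:
                findings[cn] = "issued-CA field does not match this CA"
        except ValueError as exc:
            findings[cn] = str(exc)
    return findings
```

Running `audit` over the CNs a CA has issued surfaces legacy bare-hostname certificates and names that claim a different CA.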

Alexander Chernykh, 2016-11-01
@sashkets

I distribute to external clients (users) according to the scheme (domain) - (surname). I do not use OpenVPN for other purposes.
