<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ks_c_5601-1987">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p></p>
<p>Hello,</p>
<p><br>
</p>
<p>I am a non English native and just a newbie, the opposite of an IT expert, and am totally stuck on this. If any of you can kindly give any advice on my stupid or basic questions I would indeed greatly, greatly appreciate your help: </p>
<p><br>
</p>
<p><span style="font-family:Calibri,Arial,Helvetica,sans-serif,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols; font-size:16px"></span><span style="font-size:12pt">Some while ago, for the first time in my life I
(installed servers and) created certificates/keys, in order to use Openvpn on my stuffs. I successfully created those but then I felt I needed to figure out much more about other parts of server security, so I couldn't use those immediately but just leave
those alone. <br>
</span></p>
<p><br>
<span style="font-size:12pt"></span></p>
<p><span style="font-size:12pt"></span></p>
<p>What I've done was,</p>
<p>- I wanted to use Openvpn on my work and all other stuffs (I'm not an expert; I just wanted to learn and do the basic things, if I can.). </p>
<p>- After reading some documents I understood/thought I should have "server" in order to use Openvpn. (Until then, I only have Microsoft Windows (not server) and virtual machine guest Windows (not server) on it.)</p>
<p>- So I installed some Linux "server(s)" as guest os(es), for the first time in my life.</p>
<p> here what I actually did was: 1. installed A server, 2. following the instructions on the Openvpn website etc, completed the steps issuing cerficates (CA, server, client) using easy-rsa, 3. installed B server as another guest os, 2. completed the issueing
certificates (CA, server, client) steps.</p>
<p>- But I felt I should learn and configure the rest part of server security in order to actually start using the system(s), so I couldn't go further at that time; so I just quit going further and had to leave those alone, without doing anything on it.</p>
<p>- disconnected the internet connections from those guest OSes.</p>
<p><br>
</p>
<p></p>
<p>And then i've been worried about the certificates and keys that were properly issued at that time, I believe. I don't know what I have to be worried about actually and even if I really have to be worried about any things regarding it or not. </p>
<p>At that time I created the certificates mainly for the use of all my basic(?)/initial(?) system, so the CAs, servers, and clients cerfiticates were only created and as far as I remember I didn't send these to others or share with any.</p>
<p>But I'm worried as I hear server can be hacked very quickly after created... <br>
</p>
<p><span>Haven't deleted/couldn't delete those two servers because I don't know if it will be needed, if the certificates and keys need to be revoked....</span><br>
</p>
<p><br>
</p>
<p>I wonder, do I have to revoke all the cerfiticates and keys, including CA itself? Do I revoke the CAs using the same CAs?</p>
<p>(And actually I had a window os, not server, too before installing those two servers, in which I also issued some certs and keys to use Openvpn (until then I didn't think about the need of "server" for using Openvpn), but then I just completely deleted the
window device itself without making any revocation or whatsoever.. so currently I don't even have that system... Can I still even revoke those certificates and keys issued on the deleted device? how?...)<br>
</p>
<p><br>
</p>
<p>I now really need to proceed with my stuffs but I'm still stuck on it.</p>
<p>I don't know what should I do to delete any risk/danger remaining, if any. Or can I simply delete these two servers) without revoking(?) any or whatsoever, without anything to worry about?</p>
<p>Is a certificate supposed to certify a device (either CA, server or client)? <b>
So therefore don't I have to be even worried about the certs and keys if I no longer use the device itself (or if I delete the device itself)?</b> What is the bottom line for compromised etc certificates/keys (maybe in security perspective or whatsoever...)?<br>
</p>
<p><br>
</p>
<p>I look forward to hearing from you.</p>
<p>Thank you very much for your time and your help indeed!<br>
</p>
<span style="font-family:Calibri; line-height:22.7199993133545px; background-color:rgb(255,255,255)"><br>
Best regards,<br>
Kim</span><br>
<p></p>
<p></p>
<p></p>
</div>
</body>
</html>