From 0686b100b1dfce0db4fee71cd1111f0b182ac8d8 Mon Sep 17 00:00:00 2001 From: Philippe Vaucher Date: Fri, 20 Oct 2017 14:35:40 +0200 Subject: [PATCH] Fix typos --- docs/paranoid.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/paranoid.md b/docs/paranoid.md index 79a8fdf..dc9188f 100644 --- a/docs/paranoid.md +++ b/docs/paranoid.md @@ -1,6 +1,6 @@ # Advanced security -## Keep the CA root key save +## Keep the CA root key safe As mentioned in the [backup section](/docs/backup.md), there are good reasons to not generate the CA and/or leave it on the server. This document describes how you can generate the CA and all your certificates on a secure machine and then copy only the needed files (which never includes the CA root key obviously ;) ) to the server(s) and clients. Execute the following commands. Note that you might want to change the volume `$PWD` or use a data docker container for this. @@ -13,7 +13,7 @@ The [`ovpn_copy_server_files`](/bin/ovpn_copy_server_files) script puts all the ## Crypto Hardening -If you want to select the cyphers used by OpenVPN the following parameters of the `ovpn_genconfig` might interest you: +If you want to select the ciphers used by OpenVPN the following parameters of the `ovpn_genconfig` might interest you: -T Encrypt packets with the given cipher algorithm instead of the default one (tls-cipher). -C A list of allowable TLS ciphers delimited by a colon (cipher).