Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Unique user-certificate is not unique on my box
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unique user-certificate is not unique on my box (Read 289 times)
MrCCL
Newbie
Posts: 42
Karma: 3
Unique user-certificate is not unique on my box
«
on:
June 14, 2018, 01:30:52 am »
My OpenVPN server config is set to "
Server Mode = Remote Access (SSL/TLS + User Auth )
".
I've created user-certificate for every user and made a Client Export for every user (Archive file with 3 files .key,.p12 & config file).
Each user also have a unique password. I'm not using TOTP.
But I can switch the .p12 file between the users on the clients and they can still establish a VPN connection to the server using another users .p12 file.
I thought the file was "paired" to the specific user?
«
Last Edit: June 14, 2018, 07:47:53 am by MrCCL
»
Logged
bartjsmit
Hero Member
Posts: 805
Karma: 109
Re: Unique user-certificate is not unique on my box
«
Reply #1 on:
June 15, 2018, 09:01:22 am »
I think OpenVPN only checks a certificate status (revoked/expired), not if the subject corresponds with the username.
https://blog.remibergsma.com/2013/02/27/improving-openvpn-security-by-revoking-unneeded-certificates/
Bart...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Unique user-certificate is not unique on my box
