Virtual private networks / Re: Purpose of CA when running OpenVPN with User Auth only?
« on: April 29, 2021, 06:02:33 pm »
The purpose of a CA in your case is to avoid a MITM attack where *another* server pretends to be your VPN Gateway.
Your client is willingly supplying username and password and by doing so compromises your VPN account.
In other words:
Your OpenVPN client verifies the signature of the server cert to make sure it is talking to the *right* server.
To verify the signature it needs the issuing CA.
If you are concerned about CA expiration, you are free to give it any lifetime you want.
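The check described in the post above, reproduced with the `openssl` command line as an added example (not part of the original post). The names `Demo-VPN-CA` and `vpn.example.test`, the key sizes and the lifetimes are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Added example: shows why a client that only holds the CA certificate can
# tell the real VPN server from another server using the same name.
# All names and lifetimes below are constructed for this demo.
demo_ca_check() {
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" || exit 2
        # The CA, with a lifetime of our own choosing (here 10 years).
        openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/CN=Demo-VPN-CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 2
        # The real server: key and CSR, then a certificate signed by the CA.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
            -keyout server.key -out server.csr 2>/dev/null || exit 2
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 365 -out server.crt 2>/dev/null || exit 2
        # Another server presenting the same name, but not signed by the CA.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=vpn.example.test" \
            -keyout other.key -out other.crt 2>/dev/null || exit 2
        # What the client does with the file given in its "ca" directive:
        # accept a server certificate only if the CA's signature verifies.
        if openssl verify -CAfile ca.crt server.crt 2>/dev/null \
                | grep -q ': OK$'; then real=accepted; else real=rejected; fi
        if openssl verify -CAfile ca.crt other.crt 2>/dev/null \
                | grep -q ': OK$'; then other=accepted; else other=rejected; fi
        echo "$real $other"
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Prints the verdict for the real server, then for the other one.
demo_ca_check
```

The certificate signed by the CA verifies and the unsigned one with the identical name does not, so the client never reaches the point of sending the username and password to the wrong server.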