Unique user-certificate is not unique on my box

Started by MrCCL, June 14, 2018, 01:30:52 AM

June 14, 2018, 01:30:52 AM Last Edit: June 14, 2018, 07:47:53 AM by MrCCL
My OpenVPN server config is set to "Server Mode = Remote Access (SSL/TLS + User Auth )".
I've created a user certificate for every user and made a Client Export for every user (archive file with 3 files: .key, .p12 & config file).
Each user also has a unique password. I'm not using TOTP.
But I can switch the .p12 file between the users on the clients and they can still establish a VPN connection to the server using another user's .p12 file.
I thought the file was "paired" to the specific user?

I think OpenVPN only checks a certificate's status (revoked/expired), not if the subject corresponds with the username.

https://blog.remibergsma.com/2013/02/27/improving-openvpn-security-by-revoking-unneeded-certificates/

Bart...
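
Added example, not part of the thread and not code from either poster: a server-side `client-connect` hook that enforces the pairing the question expected, by refusing a connection when the certificate CN and the login name differ. It assumes OpenVPN exports `username`, `script_type` and `X509_0_CN` to the hook; the script path and function name are placeholders.

```shell
#!/bin/sh
# Added example: OpenVPN server hook that rejects a client whose
# certificate CN differs from the username it authenticated with.
# Server config (path is a placeholder):
#   script-security 2
#   client-connect /usr/local/etc/openvpn/cn-match.sh

# Return 0 only when both values are non-empty and identical.
cn_matches_user() {
    cn=$1
    user=$2
    # An empty value means the CN or the login name is missing: reject.
    [ -n "$cn" ] || return 1
    [ -n "$user" ] || return 1
    # Exact, case-sensitive comparison; no prefix or wildcard matching.
    [ "$cn" = "$user" ]
}

# Run the check only when OpenVPN invokes this file as a client-connect hook.
if [ "${script_type:-}" = "client-connect" ]; then
    # Use X509_0_CN (CN of the client's own certificate) rather than
    # common_name, which is replaced by the username when
    # username-as-common-name is set. A missing value fails closed.
    cert_cn=${X509_0_CN:-}
    if cn_matches_user "$cert_cn" "${username:-}"; then
        exit 0
    fi
    echo "CN/username mismatch: cn='$cert_cn' user='${username:-}'" >&2
    exit 1   # non-zero exit makes OpenVPN drop the client
fi
```

This only works if each certificate's CN is issued to match the account name exactly.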