 |
Post Awv4oVC9ljDXu9R3pY by [email protected] |
 |
More posts by [email protected] |
|
Post #AwuLXeq6A9YcxIiBrU by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Is it possible to make OpenVPN validate that a certificate follows a specific c… |
|
|
|
Post #AwuLXexBjnEFJI1que by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@azonenberg In general with openssh you can specify where it searches for roots… |
|
|
|
Post #AwuLXfscIHAMBOtiQS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
In other words, I explicitly want the VPN to only allow certs signed by the roo… |
|
|
|
Post #AwuLXgv8QOm5PV5EzQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Because if this isn't possible it seems like the only safe way to do this i… |
|
|
|
Post #AwuNJfmO4QVXj2R2ZM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@FritzAdalis the issue is that I don't want to verify all the way up to the… |
|
|
|
Post #AwuNJfsPi1KQ1jFqxk by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@azonenberg I wonder if you can have the client send the cert+intermediate like… |
|
|
|
Post #Awua6q0Y1rLz5VGiyu by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@azonenberg Do you mean you want to have:root -> VPNIntermediate -> TeamA… |
|
|
|
Post #Awub4oCTsW4MrBRklk by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@nikolaihampton The immediate goal is to make sure that a compromised HTTPS ser… |
|
|
|
Post #Awub4oIrUnApAyQqiO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@azonenberg HTTPS Server Certs (extendedKeyUsage = serverAuth only)VPN Server C… |
|
|
|
Post #Awv4oVC9ljDXu9R3pY by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@azonenberg If you really want belt-and-suspenders, you can have a tls-verify s… |
