
Re: [Openvpn-users] Re: public wifi protected by "official" root ca - do i get a copy of the users certificate?


  • Subject: Re: [Openvpn-users] Re: public wifi protected by "official" root ca - do i get a copy of the users certificate?
  • From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
  • Date: Wed, 25 Aug 2004 22:13:53 +0200

On 25 Aug 2004, at 19:53, Tarjei Huse wrote:

Jon Bendtsen wrote:

On 25 Aug 2004, at 15:38, Mathias Sundman wrote:

On Wed, 25 Aug 2004, Jon Bendtsen wrote:

I was thinking of putting up a public wifi network that directed
people to download an openvpn package, such that they can connect to
the openvpn server and from there to the internet. I want the extra
openvpn to authenticate who people are, and to protect me from other
people injecting packets so they look like mine.

I read somewhere that if I use the root ca from an "official" root ca
then anyone signed with that root ca can connect to my openvpn
server. However, in order for me to prove who the user was, I would
prefer if I had more than just the common name of the user, to prove
who it was. What other information do I need, and does openvpn
already log it?

Is there a particular attribute of the certificate you want logged?

Something unique that identifies JUST this user. I suppose that the CA gives all certificates a serial number. I want to log this number.


I guess WYSIWYG! Here's what my server logs from my in-official cert:

Wed Aug 25 12:00:28 2004 xxx.xx.xx.xx:4650 VERIFY OK: depth=1, /C=SE/ST=NA/L=STOCKHOLM/O=Sungard/CN=Sungard.OpenVPN.CA/emailAddress=info@xxxxxxxxxx
Wed Aug 25 12:00:28 2004 xxx.xx.xx.xx:4650 VERIFY OK: depth=0, /C=SE/ST=NA/O=Sungard/CN=Mathias.Sundman/emailAddress=info@sungard.se

Hmm, seems like there is no serial number.
But when you create the user's certificate, you have to add an email address
to the cert. Then all you need to do is make sure this is unique across the
different client certs.

But I don't create the certificates. TDC, a private Danish phone company,
creates the certificates for the Danish government. The idea was to set up
a public WIFI and let everyone use it, but having people authenticate
themselves through their certificate, such that I wouldn't get into trouble.




JonB
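
Added example (not part of the original thread, and not OpenVPN code): a small Python parser for the "VERIFY OK" log lines quoted above. It builds one audit record per client from the depth=0 (user) and depth=1 (issuing CA) subjects. The sample log, addresses and names are constructed, and the function names are hypothetical. As the thread notes, these lines carry no serial number, so the record holds only the subject fields.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log excerpt above (all values made up).
SAMPLE_LOG = """\
Wed Aug 25 12:00:28 2004 192.0.2.10:4650 VERIFY OK: depth=1, /C=SE/ST=NA/L=STOCKHOLM/O=Example/CN=Example.OpenVPN.CA/emailAddress=ca@example.org
Wed Aug 25 12:00:28 2004 192.0.2.10:4650 VERIFY OK: depth=0, /C=SE/ST=NA/O=Example/CN=Alice.Example/emailAddress=alice@example.org
Wed Aug 25 12:03:11 2004 192.0.2.77:1194 VERIFY OK: depth=0, /C=SE/O=Example/CN=Bob.Example/emailAddress=bob@example.org
"""

VERIFY_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r"(?P<peer>\S+) VERIFY OK: depth=(?P<depth>\d+), (?P<dn>/.*)$"
)

def parse_dn(dn):
    """Split a one-line '/K=V/K=V' subject into a list of (key, value) pairs."""
    # Split only where '/' is followed by 'KEY=', so a '/' inside a value survives.
    parts = re.split(r"/(?=[A-Za-z0-9.]+=)", dn)[1:]
    return [tuple(p.split("=", 1)) for p in parts]

def audit_records(log_text):
    """Group VERIFY OK lines by peer address; return one record per client."""
    # Assumption: one handshake per ip:port in the input; a later handshake
    # from the same ip:port would overwrite the earlier one.
    chains = defaultdict(dict)
    for line in log_text.splitlines():
        m = VERIFY_RE.match(line.strip())
        if m:
            chains[m["peer"]][int(m["depth"])] = (m["ts"], m["dn"])
    records = []
    for peer, chain in chains.items():
        if 0 not in chain:          # no end-entity certificate line seen
            continue
        ts, subject = chain[0]
        fields = dict(parse_dn(subject))
        records.append({
            "time": ts, "peer": peer, "subject": subject,
            "cn": fields.get("CN"), "email": fields.get("emailAddress"),
            # depth=1 is the issuing CA; None if that line was not logged.
            "issuer": chain.get(1, (None, None))[1],
        })
    return records

if __name__ == "__main__":
    for rec in audit_records(SAMPLE_LOG):
        print(rec)
```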

