[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

Re: [Openvpn-users] Re: public wifi protected by "official" root ca - do i get a copy of the users certificate?

Subject: Re: [Openvpn-users] Re: public wifi protected by "official" root ca - do i get a copy of the users certificate?
From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
Date: Wed, 25 Aug 2004 22:13:53 +0200

Den 25. aug 2004, kl. 19:53, skrev Tarjei Huse:

Jon Bendtsen wrote:

Den 25. aug 2004, kl. 15:38, skrev Mathias Sundman:

On Wed, 25 Aug 2004, Jon Bendtsen wrote:

I was thinking of putting up a public wifi network that directed
people to download a openvpn package, such that they can connect to
the openvpn server and from there to the internet. I want the extra
openvpn to authenticate who people are, and to protect me from other
people injecting packets so they look like mine.

I read somewhere that if i use the root ca from a "official" root ca
then anyone signed with that root ca can connect to my openvpn
server. However, in order for me to prove who the user was, i would
prefer if i had more than just the common name of the user, to prove
who it was. What other information do i need, and does openvpn
already log it?

Is there a particular attribute of the certificate you want logged?


something that unique that identifies JUST this user. I suppose that
the CA
gives all certificates a serial number. I want to log this number.

I guess WYSIWYG! Here's what my server logs from my in-offical cert:

Wed Aug 25 12:00:28 2004 xxx.xx.xx.xx:4650 VERIFY OK: depth=1,
/C=SE/ST=NA/L=STOCKHOLM/O=Sungard/CN=Sungard.OpenVPN.CA/emailA
ddress=info@xxxxxxxxxx
Wed Aug 25 12:00:28 2004 xxx.xx.xx.xx:4650 VERIFY OK: depth=0,
/C=SE/ST=NA/O=Sungard/CN=Mathias.Sundman/emailAddress=info@sun
gard.se

Hmm, seems like there is no serial number.

But, when you create the users certificate, you have to add an emailaddress to the cert. Then all you need to do is make sure this is unique across the different clientcerts.

but i dont create the certificates. TDC a private danish phone company creates the certificates for the danish goverment. The idea was to set up a public WIFI and let everyone use it, but having people authenticate themselves through their certificate, such that i wouldnt get into trouble.

JonB


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Follow-Ups:
- Re: [Openvpn-users] Re: public wifi protected by "official" root ca - do i get a copy of the users certificate?
  - From: Kevin P. Fleming

References:
- [Openvpn-users] public wifi protected by "official" root ca - do i get a copy of the users certificate?
  - From: Jon Bendtsen
- Re: [Openvpn-users] public wifi protected by "official" root ca - do i get a copy of the users certificate?
  - From: Mathias Sundman
- Re: [Openvpn-users] public wifi protected by "official" root ca - do i get a copy of the users certificate?
  - From: Jon Bendtsen
- [Openvpn-users] Re: public wifi protected by "official" root ca - do i get a copy of the users certificate?
  - From: Tarjei Huse

Prev by Date: Re: [Openvpn-users] OpenVPN GUI - Ask for http-proxy feature
Next by Date: [Openvpn-users] Odd behaviour on tap0 in beta11 with tcp-server
Previous by thread: [Openvpn-users] Re: public wifi protected by "official" root ca - do i get a copy of the users certificate?
Next by thread: Re: [Openvpn-users] Re: public wifi protected by "official" root ca - do i get a copy of the users certificate?
Index(es):
- Date
- Thread