[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Re: Temporarily disabling client certificates

  • Subject: Re: [Openvpn-users] Re: Temporarily disabling client certificates
  • From: Ed Ravin <eravin@xxxxxxxxx>
  • Date: Fri, 14 Jan 2005 23:04:56 -0500

On Wed, Jan 12, 2005 at 04:51:11PM -0600, Charles Duffy wrote:
> On Wed, 12 Jan 2005 20:03:43 +0000, Nathan Wood wrote:
> > Hi I'm running OPVN 2.0 rc6 and I'd like to set up an account that one
> > of our vendors can use to tunnel in. However, I would feel more
> > comfortable with this arrangement if I could have their cert disabled
> > until they specifically request access. When they finish I'd like to
> > disable it until they require access again.
> > 
> > I would like to do this without having to send out the vendor new key
> > pairs each time.
> I'd use a tls-verify script to blacklist clients which have valid
> certificates but which aren't presently supposed to be able to connect.

How about adding the vendor's cert to the revocation list, then removing
it when they call in to request access?

The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
Openvpn-users mailing list