Two pkcs11 devices at the same time

Post by jfv » Tue Oct 17, 2023 9:13 am

Dear all,

I currently have a working instance of OpenVPN 2.6 using a PKCS11 device (PKI) to identify the connecting user. Now my security team is asking me to identify the user with their physical device AND the host with a machine certificate inside the TPM chip. Both devices use PKCS11, but I have not found any example or way to implement this in the documentation. I tried to read the source code, but my memories of C are very, very old.

The only solution I have is to use the machine certificate to log in with OpenVPN itself, then have a captive portal to force the user to identify after connecting. This solution is not very user friendly...

Has anyone done something like that, or is it not possible?

Many thanks,

BR,
jfv
