False MITM warning using ECDSA
Posted: Fri Sep 07, 2018 11:58 am
So I've setup an OpenVPN configuration to use TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 as TLS cipher, however whenever my client connects to the server (with the exact same TLS cipher) I get the following warning: "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info."
At the link provided, the following solution is presented: "Sign server certificates with one CA and client certificates with a different CA. The client configuration ca directive should reference the server-signing CA file, while the server configuration cadirective should reference the client-signing CA file." This was already what I did in the first place, so I'm wondering whether the warning is bugged or what is going on?
At the link provided, the following solution is presented: "Sign server certificates with one CA and client certificates with a different CA. The client configuration ca directive should reference the server-signing CA file, while the server configuration cadirective should reference the client-signing CA file." This was already what I did in the first place, so I'm wondering whether the warning is bugged or what is going on?