Active / Active High Availability PKI

Scripts to manage certificates or generate config files

Moderators: TinCanTech

aggress
OpenVpn Newbie
Posts: 1
Joined: Fri Dec 01, 2017 4:56 pm

Active / Active High Availability PKI

Post by aggress » Sun Dec 03, 2017 11:03 am

Hi,

I want to create a pair of OpenVPN servers for active / active use and want to clarify the correct way to manage the PKI side of things.

How can I go about users only having one set of credentials to authenticate with both servers? I've seen a bunch of guides on HA, but nothing which explains this clearly.

Thanks

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Active / Active High Availability PKI

Post by TiTex » Mon Dec 04, 2017 5:20 pm

Whatever username/password based credentials your users have, it has nothing to do with a PKI. If your users only use certificates to auth, you could implement CRL verification (google it), or ocspd responders (https://github.com/openca/openca-ocspd).
If their private key is password protected, you can't do much about that; they can change their password as they want, whenever they want.
