Hi,
I want to create a pair of OpenVPN servers for active / active use and want to clarify the correct way to manage the PKI side of things.
How can I go about users only having one set of credentials to authenticate with both servers, I've seen a bunch of guides on HA but nothing which explains this clearly.
Thanks
Active / Active High Availability PKI
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Dec 01, 2017 4:56 pm
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: Active / Active High Availability PKI
whatever username/password based credentials your users have it has nothing to do with a PKI , if your users only use certificates to auth you could implement CRL verifycation (google it), or ocspd responders (https://github.com/openca/openca-ocspd)
if their private key is password protected you can't do much about that , they can change their password as they want whenever they want
if their private key is password protected you can't do much about that , they can change their password as they want whenever they want