
Active / Active High Availability PKI

Posted: Sun Dec 03, 2017 11:03 am
by aggress
Hi,

I want to create a pair of OpenVPN servers for active / active use and want to clarify the correct way to manage the PKI side of things.

How can I go about users only having one set of credentials to authenticate with both servers? I've seen a bunch of guides on HA, but nothing which explains this clearly.

Thanks

Re: Active / Active High Availability PKI

Posted: Mon Dec 04, 2017 5:20 pm
by TiTex
Whatever username/password based credentials your users have, it has nothing to do with a PKI. If your users only use certificates to auth, you could implement CRL verification (google it), or ocspd responders (https://github.com/openca/openca-ocspd).
If their private key is password protected, you can't do much about that; they can change their password as they want, whenever they want.
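
Added example, not part of the original thread: OpenVPN configuration fragments showing how certificate-only clients can use one certificate against both servers, with the CRL verification mentioned in the reply applied on each node. Host names and file names are placeholders assumed for illustration.

```conf
# ---- Server fragment (node A; node B is identical except for its own cert/key) ----
# Both nodes trust the SAME CA, so a client certificate issued once is
# accepted by either node.
ca   ca.crt            # shared CA certificate (placeholder file name)
cert server-a.crt      # node-specific server certificate issued by that CA
key  server-a.key      # node-specific private key, never copied to clients

# Revocation check: the CRL is issued by the shared CA and must be
# distributed to BOTH nodes, otherwise a certificate revoked on node A
# still connects through node B. OpenVPN re-reads this file each time
# a peer connects, so replacing the file does not need a restart.
crl-verify crl.pem

# ---- Client fragment (one credential set, two servers) ----
client
remote vpn-a.example.net 1194   # placeholder host names
remote vpn-b.example.net 1194
remote-random                   # choose one of the remote entries at random

ca   ca.crt            # same shared CA, used to validate either server
cert client.crt        # the single client certificate
key  client.key        # its private key (may be passphrase protected)

# Accept the peer only if it presents a certificate marked for server use.
remote-cert-tls server
```

An expired CRL on either node causes that node to reject connections, so the job that regenerates the CRL has to push it to both servers.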