Page 1 of 1

Active / Active High Availability PKI

Posted: Sun Dec 03, 2017 11:03 am
by aggress

I want to create a pair of OpenVPN servers for active / active use and want to clarify the correct way to manage the PKI side of things.

How can I go about users only having one set of credentials to authenticate with both servers, I've seen a bunch of guides on HA but nothing which explains this clearly.


Re: Active / Active High Availability PKI

Posted: Mon Dec 04, 2017 5:20 pm
by TiTex
whatever username/password based credentials your users have it has nothing to do with a PKI , if your users only use certificates to auth you could implement CRL verifycation (google it), or ocspd responders (
if their private key is password protected you can't do much about that , they can change their password as they want whenever they want