Maximum number of client sharing the same certificate file

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
IkramulMurad
OpenVpn Newbie
Posts: 2
Joined: Tue Dec 15, 2020 1:39 am

Maximum number of client sharing the same certificate file

Post by IkramulMurad » Tue Dec 15, 2020 1:52 am

Hello,
We are currently managing a company which is interested to launch its own VPN application. For testing purpose, we've installed OpenVPN in our server and checked using OpenVPN client from our devices. Now we're going to launch our own app to connect OpenVPN.

We have noticed that it is possible to connect multiple users through the same client certificate file.
So should we create a client certificate for a different user?
Or, Create only one sharing certificate for all user?

N.B: We have approximately 500-700 user.

alkanvpn
OpenVpn Newbie
Posts: 4
Joined: Thu Dec 24, 2020 2:24 pm

Re: Maximum number of client sharing the same certificate file

Post by alkanvpn » Thu Dec 24, 2020 3:31 pm

You can share a single certificate among many users. But what happens if 1) One of the VPN user machines is stolen and the certificate is compromised, how fast can you reroll the new cert to 700 users and 2) one of your users leave the company and you would like to cancel his VPN access.

If you think that scenarios 1 and 2 would not apply to your use case, then you can proceed with sharing a single cert among all users.

IkramulMurad
OpenVpn Newbie
Posts: 2
Joined: Tue Dec 15, 2020 1:39 am

Re: Maximum number of client sharing the same certificate file

Post by IkramulMurad » Sat Jan 23, 2021 5:15 pm

Nice points.
But we are going to provide some interface to connect/disconnect vpn. User won't be aware of certificate files. Because certificate will be hidden inside vpn client application.

In above case, is it okay to go with single ovpn certificate file?

Post Reply