Certificate Authentication with LDAP/AD

Mrxlazuardin
OpenVpn Newbie
Posts: 2
Joined: Wed Nov 02, 2011 4:04 pm

Certificate Authentication with LDAP/AD

Post by Mrxlazuardin » Wed Nov 02, 2011 4:11 pm

Hi,

Is it possible to do certificate authentication with client certificates, where the server authenticates the client certificate against LDAP/AD? I mean that all client certificates are located in LDAP/AD, not as files inside the OpenVPN server. So it is like standard LDAP/AD authentication, without using any password but the client certificate. If it is possible, please provide some configuration example related to this case.

Best regards,

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Certificate Authentication with LDAP/AD

Post by janjust » Wed Nov 02, 2011 9:32 pm

There is no need to store ANY client certificates on the openvpn server; the openvpn server only needs a server certificate + private key, plus the CA cert to authenticate itself.

A good security measure is to NOT store any client keys (and certainly not the CA private key) on the openvpn server itself.

So yes, you can use LDAP/AD to do authentication but it would require some scripting.
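
One form that scripting could take, as an added example that is not from this thread or from the OpenVPN project: a Python `tls-verify` hook that accepts a client only if the certificate's CN maps to an enabled directory account in the VPN group. OpenVPN runs the hook with the certificate depth and X.509 subject as its two arguments and expects exit status 0 to accept; the directory entries, group DN and account names here are constructed stand-ins for a real LDAP/AD query, and the `script-security 2` requirement and the two subject layouts handled are assumptions about the server's configuration.

```python
"""Added example: OpenVPN `tls-verify` hook checking the client cert CN
against a directory. Assumes `tls-verify /path/to/this.py` plus
`script-security 2` in server.conf. The directory lookup below is a
constructed stand-in for a real LDAP/AD search, not a live query."""
import re
import sys

# Constructed sample directory entries standing in for LDAP/AD search
# results (attribute names follow AD conventions; values are invented).
VPN_GROUP_DN = "CN=vpn-users,OU=Groups,DC=example,DC=test"
SAMPLE_DIRECTORY = {
    "alice": {"userAccountControl": 512, "memberOf": [VPN_GROUP_DN]},
    "bob":   {"userAccountControl": 514, "memberOf": [VPN_GROUP_DN]},  # disabled
    "carol": {"userAccountControl": 512, "memberOf": []},  # not in VPN group
}
ACCOUNTDISABLE = 0x2  # userAccountControl bit meaning "account disabled"


def lookup_account(cn):
    """Stand-in for an LDAP search such as (sAMAccountName=<cn>)."""
    return SAMPLE_DIRECTORY.get(cn)


def common_name(subject):
    """Extract CN from an OpenVPN subject string; handles both the
    '/C=NL/O=Example/CN=alice' and 'C=NL, O=Example, CN=alice' layouts."""
    m = re.search(r"(?:^|[/,]\s*)CN=([^/,]+)", subject)
    return m.group(1).strip() if m else None


def verify(depth, subject):
    """Return 0 (accept) or 1 (reject), the exit status OpenVPN expects."""
    if depth != 0:
        # Only the leaf (client) cert is checked against the directory;
        # OpenVPN still validates the CA chain itself.
        return 0
    cn = common_name(subject)
    if not cn:
        return 1
    acct = lookup_account(cn)
    if acct is None:
        return 1
    if acct["userAccountControl"] & ACCOUNTDISABLE:
        return 1
    if VPN_GROUP_DN not in acct["memberOf"]:
        return 1
    return 0


if __name__ == "__main__":
    # OpenVPN passes: <certificate depth> <X509 subject>
    sys.exit(verify(int(sys.argv[1]), sys.argv[2]))
```

A rejected client fails the TLS handshake, so a failed lookup shows up in the server log as a tls-verify failure rather than as a password error.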

Mrxlazuardin
OpenVpn Newbie
Posts: 2
Joined: Wed Nov 02, 2011 4:04 pm

Re: Certificate Authentication with LDAP/AD

Post by Mrxlazuardin » Wed Nov 02, 2011 10:25 pm

Hi,

Any configuration example about using LDAP/AD for authenticating client certificates?

Best regards,

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Certificate Authentication with LDAP/AD

Post by janjust » Wed Nov 02, 2011 10:57 pm

Don't know of any examples; perhaps eurephia comes closest.
