Certificate Authentication with LDAP/AD

Posted: Wed Nov 02, 2011 4:11 pm
by Mrxlazuardin
Hi,

Is it possible to do certificate authentication with client certificates where the server authenticates the client certificate against LDAP/AD? I mean that all client certificates are located in LDAP/AD, not as files inside the OpenVPN server. So it is like standard LDAP/AD authentication, but without using any password, only the client certificate. If it is possible, please provide some configuration examples related to this case.

Best regards,

Re: Certificate Authentication with LDAP/AD

Posted: Wed Nov 02, 2011 9:32 pm
by janjust
There is no need to store ANY client certificates on the OpenVPN server; the OpenVPN server only needs a server certificate + private key, plus the CA cert, to authenticate itself.

A good security measure is to NOT store any client keys (and certainly not the CA private key) on the openvpn server itself.

So yes, you can use LDAP/AD to do authentication but it would require some scripting.
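
One way to do the scripting mentioned above, as an added example that is not from this thread or the OpenVPN project: a `tls-verify` hook that accepts a client certificate only if its CN maps to exactly one enabled account in LDAP/AD. The `tls-verify` directive and its `<depth> <subject>` arguments are real OpenVPN behaviour; the directory query itself is a constructed in-memory stand-in, so the script runs offline.

```python
#!/usr/bin/env python3
"""OpenVPN --tls-verify hook (hypothetical): accept a client certificate only if
its CN maps to exactly one enabled account in LDAP/AD.

OpenVPN runs the script as  <script> <depth> <x509_subject>  for every
certificate in the chain; a non-zero exit code rejects the connection."""
import re
import sys
from typing import Callable, Optional

def ldap_escape(value: str) -> str:
    """RFC 4515 escaping so a CN taken from a certificate cannot rewrite the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def subject_cn(subject: str) -> Optional[str]:
    """Pull the CN out of either subject format OpenVPN emits:
    'C=ID, O=Example, CN=alice'  or the older  '/C=ID/O=Example/CN=alice'."""
    m = re.search(r"(?:^|[,/])\s*CN=([^,/]+)", subject)
    return m.group(1).strip() if m else None

def build_filter(cn: str) -> str:
    """Person with this CN whose AD userAccountControl lacks the ACCOUNTDISABLE
    bit (0x2); 1.2.840.113556.1.4.803 is the AD bitwise-AND matching rule."""
    return ("(&(objectClass=person)(cn=%s)"
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" % ldap_escape(cn))

def verify(depth: int, subject: str, lookup: Callable[[str], int]) -> bool:
    """OpenVPN already validates the chain against the CA; this hook only adds
    the directory check for the leaf (depth 0) certificate."""
    if depth != 0:
        return True
    cn = subject_cn(subject)
    if not cn:
        return False
    return lookup(build_filter(cn)) == 1   # exactly one enabled account

# Constructed stand-in for an LDAP search so the script runs offline; a real
# deployment would send the filter via ldap3/python-ldap to a domain controller.
FAKE_DIRECTORY = {"alice": "enabled", "bob": "disabled"}

def fake_lookup(ldap_filter: str) -> int:
    m = re.search(r"\(cn=([^)]*)\)", ldap_filter)
    if not m:
        return 0
    cn = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(1))
    return 1 if FAKE_DIRECTORY.get(cn) == "enabled" else 0

if __name__ == "__main__":
    sys.exit(0 if verify(int(sys.argv[1]), sys.argv[2], fake_lookup) else 1)
```

Wire it in with `tls-verify /path/to/this_script.py` in the server config; the escaping step is what keeps a hostile CN from turning into an LDAP filter injection.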

Re: Certificate Authentication with LDAP/AD

Posted: Wed Nov 02, 2011 10:25 pm
by Mrxlazuardin
Hi,

Any configuration example of using LDAP/AD for authenticating client certificates?

Best regards,

Re: Certificate Authentication with LDAP/AD

Posted: Wed Nov 02, 2011 10:57 pm
by janjust
Don't know of any examples; perhaps eurephia comes closest.