How is a client ssl certificate verified?
I decided to try to organize my own CA (Certificate Authority) to create and sign OpenVPN certificates. At the moment I'm delving into the details - I've read a lot of instructions, but I can't understand how the client certificate is authenticated if the CA is located on an isolated (not connected to the Internet) machine. Does the client contact the CA at all? If it's not difficult, please explain in more detail.
Authenticity is verified based on the list of trusted certificates that are on the server. You can add your own to this list and use them to sign client certificates.
I won’t tell you specifically in which file they are located in OpenVPN, but dig in the direction of bundle-ca, ca.crt
CA is generated.
Server certificate is generated, signed by CA.
Client certificate is generated, signed by server.
When verifying a user, a client certificate is verified that is signed by a server certificate that the server has access to.
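The offline check the first answer points to (a trusted ca.crt held by the server), as an added example that is not part of the original answers: a throwaway CA signs a client certificate, the CA private key is then deleted to stand in for the isolated machine, and verification still succeeds using only the CA certificate. It assumes the `openssl` CLI is installed; the names Demo-CA, Rogue-CA, client1 and mallory are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: every name and file below is made up for illustration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca <name>: self-signed CA key + certificate (done once, on the offline machine).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert <ca> <cn>: the requester creates a key and a CSR; only the CSR
# travels to the CA, which returns a certificate signed with the CA private key.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.crt" 2>/dev/null
}

# verify_cert <trusted-ca> <cn>: the verifier's side. It checks the signature on
# the presented certificate against its local copy of the CA certificate.
# No CA private key and no network connection are involved.
verify_cert() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca Demo-CA
make_ca Rogue-CA
issue_cert Demo-CA client1    # legitimate client
issue_cert Rogue-CA mallory   # certificate from a CA the server does not trust

# The CA private key never leaves the isolated machine; deleting it here shows
# that verification does not need it.
rm "$WORK/Demo-CA.key"

if verify_cert Demo-CA client1; then echo "client1: accepted"; else echo "client1: rejected"; fi
if verify_cert Demo-CA mallory; then echo "mallory: accepted"; else echo "mallory: rejected"; fi
```

The same check runs in the other direction too: the client holds its own copy of ca.crt and uses it to verify the certificate the server presents.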