How is a client ssl certificate verified?

R

rutest2015-08-10 09:11:20

linux

rutest, 2015-08-10 09:11:20

I decided to try to organize my own CA (Certificate Authority) to create and sign OpenVPN certificates. At the moment I'm delving into the details - I've read a lot of instructions, but I can't understand how the client certificate is authenticated if the CA is located on an isolated (not connected to the Internet) machine. Does the client contact the CA at all? If not difficult to explain in more detail.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

K

KeyDoo, 2015-08-10
@KeyDoo

Authenticity is verified based on the list of trusted certificates that are on the server. You can add your own to this list. And to them to sign client.
I won’t tell you specifically in which file they are located in OpenVPN, but dig in the direction of bundle-ca, ca.crt

R

Ruslan Fedoseev, 2015-08-10
@martin74ua

CA is generated.
Server certificate is generated, signed by CA
Client certificate is generated, signed by server.
When verifying a user, a client certificate is verified that is signed by a server certificate that the server has access to.