WARNING: No server certificate verification method has been enabled. See http:/



  • Hi,

    every time I connect to my pfsense server I got this message

    WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    

    My knowledge about OpenVPN isn't really good but I didn't found a possibility in pfsense Cert Manager to get this working:

    You can build your server certificates with the build-key-server script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting the right attributes. Now add the following line to your client configuration:
    
    remote-cert-tls server
    
    

    Did I miss something in the Cert Manager config options or isn't there a possibility in there till now ?


  • Rebel Alliance Developer Netgate

    I have looked into that, but building keys that way requires some extra openssl.cnf mojo that is tricky to work out when trying to use PHP's OpenSSL functions like we do.



  • Hi jimp,

    thanks for feedback. Just wanted to be sure that I didn't miss anything in the pfsense config.


Locked