Netgate Discussion Forum
    Questions about certificate authentication

    Category: IPsec
    sofakng wrote:

      I have Mutual PSK + Xauth working fine but I'm trying to migrate to certificate authentication (Mutual RSA + Xauth) and I have it somewhat working but I have a few questions…

      1)  I've created a self-signed certificate authority and some signed certificates.  My VPN client (iPhone) is using the certificate and it's working, but how does the VPN server validate the certificate?  The racoon docs mention using ASN.1 names but it doesn't seem to work with pfSense (they seem to be ignored) which makes sense because racoon.conf doesn't have "validate_peers" enabled.

      2)  Does "My Certificate" (phase 1) need to be signed through the same certificate authority as the "My Certificate Authority"?  It seems like the answer is no (because I'm using a wildcard SSL certificate and it appears to be working), but I want to make sure.

      3)  How can I verify that my configuration is secure?  Are there any (easy) tools available for checking?

      Thanks!

    jimp (Netgate developer) replied:

        Easy test would be to make a different certificate from a completely different CA and see if you can still get in with that.


        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.