4. Questions about certificate authentication

Questions about certificate authentication

  • S

    I have Mutual PSK + Xauth working fine but I'm trying to migrate to certificate authentication (Mutual RSA + Xauth) and I have it somewhat working but I have a few questions…

    1)  I've created a self-signed certificate authority and some signed certificates.  My VPN client (iPhone) is using the certificate and it's working, but how does the VPN server validate the certificate?  The racoon docs mention using ASN.1 names but it doesn't seem to work with pfSense (they seem to be ignored) which makes sense because racoon.conf doesn't have "validate_peers" enabled.

    2)  Does "My Certificate" (phase 1) need to be signed through the same certificate authority as the "My Certificate Authority"?  It seems like the answer is no (because I'm using a wildcard SSL certificate and it appears to be working), but I want to make sure.

    3)  How can I verify that my configuration is secure?  Are there any (easy) tools available for checking?

    Thanks!

    0
  • Rebel Alliance Developer Netgate

    Easy test would be to make a different certificate from a completely different CA and see if you can still get in with that.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy