setting nsCertType to server for server’s cert

Home Page Forums Network Management VPN setting nsCertType to server for server’s cert

This topic contains 1 reply, has 0 voices, and was last updated by  dnsadmin 7 years, 8 months ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #43102

    dnsadmin
    Member

    OpenVPN software has a recommended best practice for the nsCertType on the server’s certificate. Can the next update please include generating with the appropriate flag to prevent the discussed attack?

    # Verify server certificate by checking
    # that the certicate has the nsCertType
    # field set to “server”. This is an
    # important precaution to protect against
    # a potential attack discussed here:
    # http://openvpn.net/howto.html#mitm
    #
    # To use this feature, you will need to generate
    # your server certificates with the nsCertType
    # field set to “server”. The build-key-server
    # script in the easy-rsa folder will do this.
    ;ns-cert-type server

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.