Hi,

On 03/01/2024 20:03, Gert Doering wrote:
> Not sure I can come up with a good attack scenario
> in an OpenVPN PKI scenario where the CA would be stopped from doing
> something nasty by doing the full .csr dance (because it could still just
> create arbitrary .key/.crt on its own, thus getting access to the VPN
> server).

I think the .csr dance would prevent the CA from impersonating well known users with a well known certificate.

Cheers,

--
Antonio Quartulli


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
