LinuxQuestions.org


Pastorino 01-26-2012 10:40 PM

OpenVPN duplicate-cn recommendation
 
Dear all,

OpenVPN's server.conf states that:

Code:

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

I understand the security risks involved in using the same certificate/key for multiple users, since the key could be stolen and I wouldn't know from which user it was stolen.

Aside from the security risk above, is there any other reason for not using "duplicate-cn"? Another security risk? Any performance issues? Any conflicting problems?

Thank you.

Pastorino

unibox 01-28-2012 07:28 AM

The only reason is the security risk, so we do not use this. Otherwise you can use this option; it will not reduce system performance.
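
Added example (not part of the thread and not OpenVPN project code): a small audit that checks whether duplicate-cn is active in a server config and lists common names holding more than one concurrent session, which is the situation where a shared certificate cannot be traced to one user. It assumes the status file uses the version 1 "OpenVPN CLIENT LIST" layout; the function names and sample data are constructed for illustration.

```python
import re
from collections import defaultdict

def duplicate_cn_enabled(config_text):
    """Return True if the config has an uncommented duplicate-cn directive."""
    for line in config_text.splitlines():
        # Drop anything after '#' or ';', the comment markers used in server.conf.
        tokens = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if tokens and tokens[0] == "duplicate-cn":
            return True
    return False

def shared_cn_sessions(status_text):
    """Map each common name with more than one live session to its real addresses."""
    sessions = defaultdict(list)
    in_client_list = False
    for line in status_text.splitlines():
        if line.startswith("Common Name,Real Address"):
            in_client_list = True      # header row of the client list
        elif line.startswith("ROUTING TABLE"):
            break                      # client list is over
        elif in_client_list and line.strip():
            common_name, real_address = line.split(",")[:2]
            sessions[common_name].append(real_address)
    return {cn: addrs for cn, addrs in sessions.items() if len(addrs) > 1}

# Constructed sample inputs (documentation-range addresses, made-up names).
SAMPLE_CONF = """\
port 1194
# each client should have its own certificate/key pair
duplicate-cn
"""
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Sat Jan 28 07:28:00 2012
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
shared-client,203.0.113.10:51234,10240,20480,Sat Jan 28 06:00:00 2012
alice,192.0.2.44:1194,4096,8192,Sat Jan 28 06:30:00 2012
shared-client,198.51.100.7:40022,512,1024,Sat Jan 28 07:10:00 2012
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
END
"""

if __name__ == "__main__":
    print("duplicate-cn active:", duplicate_cn_enabled(SAMPLE_CONF))
    for cn, addrs in shared_cn_sessions(SAMPLE_STATUS).items():
        print(f"{cn}: {len(addrs)} concurrent sessions from {', '.join(addrs)}")
```

Without duplicate-cn, OpenVPN disconnects an existing client instance when a new client with the same common name connects, so any common name reported here only appears when the directive is enabled.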


All times are GMT -5.