Dear all,
OpenVPN's server.conf states that:
Code:
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
I understand the security risks involving the use of the same certificate/key by multiple users, since the key could be stolen and I wouldn't know from which user it was stolen.
Aside from the security risk above, is there any other reason for not using "duplicate-cn"? Another security risk? Any performance issues? Any conflicting problems?
Thank you.
Pastorino
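
The attribution problem raised in the post can be checked on a running server. This is an added example, not part of the original post or of OpenVPN: it reports whether duplicate-cn is active in a config and which common names in a status file are in use from more than one real address. It assumes the default (version 1) status file layout; the function names and sample inputs are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inputs (not taken from the original post).
SAMPLE_CONF = """\
port 1194
# each client should have its own certificate/key pair.
duplicate-cn
"""

SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Thu Jan  1 12:00:00 2015
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,192.0.2.10:51000,1024,2048,Thu Jan  1 11:00:00 2015
client1,198.51.100.7:40212,512,900,Thu Jan  1 11:30:00 2015
client2,203.0.113.5:33211,300,400,Thu Jan  1 11:45:00 2015
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,client1,192.0.2.10:51000,Thu Jan  1 11:59:00 2015
END
"""

def duplicate_cn_enabled(conf_text):
    """True if duplicate-cn is active; lines starting with ';' or '#' are comments."""
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in ";#":
            continue
        if stripped.split()[0] == "duplicate-cn":
            return True
    return False

def shared_common_names(status_text):
    """Map each CN seen from more than one real address to its sorted addresses."""
    seen = defaultdict(set)
    in_clients = False
    for line in status_text.splitlines():
        if line.startswith("Common Name,"):
            in_clients = True          # client rows start after this header
        elif line.startswith("ROUTING TABLE"):
            break                      # end of the client list section
        elif in_clients and line.count(",") >= 4:
            cn, real_addr = line.split(",")[:2]
            seen[cn].add(real_addr)
    return {cn: sorted(addrs) for cn, addrs in seen.items() if len(addrs) > 1}
```

With the constructed input, client1 is reported with two source addresses, and nothing in the log says which holder of the shared certificate is behind either session.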