![]() |
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
| UNIX for Advanced & Expert Users Expert-to-Expert. Learn advanced UNIX, UNIX commands, Linux, Operating Systems, System Administration, Programming, Shell, Shell Scripts, Solaris, Linux, HP-UX, AIX, OS X, BSD. |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| USN-612-3: OpenVPN vulnerability | iBot | Security Advisories (RSS) | 0 | 05-13-2008 03:20 PM |
| Type I and Type II Errors - The Heart of Event Processing | iBot | Complex Event Processing RSS News | 0 | 12-05-2007 06:50 PM |
| array type has incomplete element type | jaganadh | High Level Programming | 1 | 07-24-2007 03:54 AM |
| Human readable type vs MIME type detection using file | spauldingsmails | Shell Programming and Scripting | 0 | 03-22-2007 12:43 AM |
| Solaris 8 Cert. | aojmoj | UNIX for Dummies Questions & Answers | 1 | 01-12-2003 11:26 PM |
![]() |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
|
|
||||
|
OpenVPN 2.09 ns-cert-type ???
--ns-cert-type client|server
Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server". This is a useful security option for clients, to ensure that the host they connect with is a designated server. See the easy-rsa/build-key-server script for an example of how to generate a certificate with the nsCertType field set to "server". If the server certificate's nsCertType field is set to "server", then the clients can verify this with --ns-cert-type server. This is an important security precaution to protect against a man-in-the-middle attack where an authorized client attempts to connect to another client by impersonating the server. The attack is easily prevented by having clients verify the server certificate using any one of --ns-cert-type, --tls-remote, or --tls-verify. Question I know what this is used for: --ns-cert-type server but what is this used for? And how does it work? --ns-cert-type client |
![]() |
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|