![]() |
|
|
|
|
|||||||
| Forums | Portal | Register | Forum Rules | FAQ | Contribute | Members List | Arcade | Search | Today's Posts | Mark Forums Read |
| UNIX for Advanced & Expert Users Advanced UNIX and Linux questions go here. Expert-to-Expert. |
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| USN-612-3: OpenVPN vulnerability | iBot | Security Advisories (RSS) | 0 | 05-13-2008 12:20 PM |
| Type I and Type II Errors - The Heart of Event Processing | iBot | Complex Event Processing RSS News | 0 | 12-05-2007 02:50 PM |
| array type has incomplete element type | jaganadh | High Level Programming | 1 | 07-24-2007 12:54 AM |
| Human readable type vs MIME type detection using file | spauldingsmails | Shell Programming and Scripting | 0 | 03-21-2007 08:43 PM |
| Solaris 8 Cert. | aojmoj | UNIX for Dummies Questions & Answers | 1 | 01-12-2003 07:26 PM |
|
|
Submit Tools | LinkBack | Thread Tools | Display Modes |
|
|||
|
OpenVPN 2.09 ns-cert-type ???
--ns-cert-type client|server
Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server". This is a useful security option for clients, to ensure that the host they connect with is a designated server. See the easy-rsa/build-key-server script for an example of how to generate a certificate with the nsCertType field set to "server". If the server certificate's nsCertType field is set to "server", then the clients can verify this with --ns-cert-type server. This is an important security precaution to protect against a man-in-the-middle attack where an authorized client attempts to connect to another client by impersonating the server. The attack is easily prevented by having clients verify the server certificate using any one of --ns-cert-type, --tls-remote, or --tls-verify. Question I know what this is used for: --ns-cert-type server but what is this used for? And how does it work? --ns-cert-type client |
|||
| Google The UNIX and Linux Forums |
| Forum Sponsor | ||
|
|