Security certificates questions
Posted: Wed Feb 16, 2011 12:48 pm
A few questions, please, about the default configuration. I want to lock this down and am trying to understand how VPN installs as default.
1) On the server, I notice two apparent client certificates in /etc/openvpn/amahi:
- client-cpg.crt
- client-cpg.csr
- client-cpg.key
- client-tcheng.crt
- client-tcheng.csr
- client-tcheng.key
2) The server has the ca.crt and ca.key files. Can I assume these are common across all Amahi installs? In other words, the ca is actually at Amahi.org and the ca is not installed on my HDA?
3) Then, when installing the client, I get the homehda.key and homehda.crt files in my C:/program files/HDAConnect/config directory. Here's the real question - are those unique or common to everyone? If the latter, then I would assume I need to generate my own keys, or everyone with the HDAConnect software then has password access to my HDA? If I wanted to create new key files, do I do that on the client or server?
4) How do I know that root access and password-only access are disabled? I want root access disabled even with the correct key file. Does the daemon downgrade to nobody or run as root?