The OpenVPN documentation describes how to revoke client certificates, if you want to disable access to the VPN from a particular client. But what if the server certificate's private key gets compromised?
I asked the tunnelblick folks ( https://groups.google.com/g/tunnelbl.../c/_KdKEAYwJmE ), and it sounds like Tunnelblick does not respect certificate revocation lists if the server private key (or its intermediate signing private key or root certificate's private key) needs to be revoked.
Should an OpenVPN server's certificate's private key be compromised, how does OpenVPN recommend that customers respond? What about if the intermediate certificate's private key is compromised? What about if the root cert is compromised?
I asked the tunnelblick folks ( https://groups.google.com/g/tunnelbl.../c/_KdKEAYwJmE ), and it sounds like Tunnelblick does not respect certificate revocation lists if the server private key (or its intermediate signing private key or root certificate's private key) needs to be revoked.
Should an OpenVPN server's certificate's private key be compromised, how does OpenVPN recommend that customers respond? What about if the intermediate certificate's private key is compromised? What about if the root cert is compromised?
Comment