Netgate m1n1wall

Author Topic: WARNING: No server certificate verification method has been enabled. See http:/  (Read 10405 times)

0 Members and 1 Guest are viewing this topic.

Offline Nachtfalke

  • Hero Member
  • *****
  • Posts: 2753
  • Karma: +0/-0
    • View Profile
Hi,

every time I connect to my pfsense server I got this message

Code: [Select]
WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
My knowledge about OpenVPN isn't really good but I didn't found a possibility in pfsense Cert Manager to get this working:

Code: [Select]
You can build your server certificates with the build-key-server script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting the right attributes. Now add the following line to your client configuration:

remote-cert-tls server

Did I miss something in the Cert Manager config options or isn't there a possibility in there till now ?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14976
  • Karma: +4/-0
    • View Profile
I have looked into that, but building keys that way requires some extra openssl.cnf mojo that is tricky to work out when trying to use PHP's OpenSSL functions like we do.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline Nachtfalke

  • Hero Member
  • *****
  • Posts: 2753
  • Karma: +0/-0
    • View Profile
Hi jimp,

thanks for feedback. Just wanted to be sure that I didn't miss anything in the pfsense config.