
client certificate/key pairs


A few months ago a new option was added to the control panel "client area" on the AirVPN web UI.

The option is "Devices/Keys".

I found a forum post describing this new feature: https://airvpn.org/topic/26209-how-to-manage-client-certificatekey-pairs/?hl=keys


Not sure of the reason for this option. It appears to allow rejection or renewal of OpenVPN/easy-rsa SSL certs generated with the AirVPN config generator.

I assume this implements a CRL (certificate revoke list) for client certs?


Does this feature allow creating new signed key pairs?

Are there any security issues associated with generating private keys via a web browser?




I assume this implements a CRL (certificate revoke list) for client certs?


Not quite. You create keys with your own names so that you can, for instance, connect to AirVPN on a device you are not going to use for long. So you generate a new key pair and use this to generate a config. When you no longer use it you delete the pair and this key can no longer be used to connect to AirVPN with your account.


A Certificate Revocation List by definition is a list of keys with still ongoing validity which are marked invalid for any reason by the issuer or owner before their validity period has expired. Your AirVPN keys are valid indefinitely, so a revocation makes little sense. Instead, you just delete the key from the database so that connecting with a deleted key leads nowhere.


Does this feature allow creating new signed key pairs?


It creates key pairs for you to use on different devices, for different purposes or some other reason.


Are there any security issues associated with generating private keys via a web browser?


Do not give in to any kind of paranoid thinking, like this. You do not generate the key pairs on your web browser, you request a generation on the server. Even then you are not simply presented with your key afterwards. You need to generate a config, only then the key will be bundled with it.


It's also important to note that these keys do not enable someone to decrypt your traffic. They are merely there for user identification against the AirVPN servers. The most harm someone can do to you is being constantly connected with five clients. You delete the key, the "bad user" gets thrown out.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums are a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.


» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique among the mass again.
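
The "delete the pair from the database" model described in the reply above, sketched as an added example in the shape of an OpenVPN `--tls-verify` hook; it is not part of the thread and not AirVPN's implementation, which the thread does not describe. The database file format, the serial numbers and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed "database" of active key pairs, one per line:
# "<certificate serial> <user-chosen device name>" (format is an assumption).
make_sample_db() {
    db=$(mktemp) || return 1
    printf '%s\n' '1001 laptop' '1002 phone' '1003 hotel-pc' > "$db"
    printf '%s\n' "$db"
}

# Succeeds only while the serial is still listed as an active key pair.
key_is_active() {   # $1 = serial, $2 = db file
    awk -v s="$1" '($1 "") == (s "") { found = 1 } END { exit !found }' "$2"
}

# Deleting a pair removes its line; nothing is appended to a revocation list.
delete_key() {      # $1 = serial, $2 = db file
    tmp=$(mktemp) || return 1
    awk -v s="$1" '($1 "") != (s "")' "$2" > "$tmp" && mv "$tmp" "$2"
}

# Decision a --tls-verify hook returns: 0 accepts the peer, non-zero rejects.
# OpenVPN passes the chain depth as the first argument and exports the
# decimal serial as tls_serial_<depth>; here both are plain parameters.
tls_verify_decision() {   # $1 = depth, $2 = serial, $3 = db file
    # Depth > 0 is the CA chain, which OpenVPN validates on its own.
    [ "$1" -eq 0 ] || return 0
    # Missing serial: fail closed.
    [ -n "$2" ] || return 1
    key_is_active "$2" "$3"
}

# Demo: the certificate itself never changes or expires, only the lookup does.
demo() {
    db=$(make_sample_db) || return 1
    for step in before after; do
        if tls_verify_decision 0 1003 "$db"; then r=accept; else r=reject; fi
        echo "hotel-pc (serial 1003) $step deletion: $r"
        delete_key 1003 "$db"
    done
    rm -f "$db"
}
demo
```

In a real deployment the hook would read the serial from the `tls_serial_0` environment variable rather than from a parameter.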
