Jump to content
Not connected, Your IP: 54.226.126.38
chunteraa

client certifcate/key pairs

Recommended Posts

A few months ago a new options was added to the control panel "client area" on airvpn webUI.

The option is "Devices/Keys".

I found a forum post describing this new feature: https://airvpn.org/topic/26209-how-to-manage-client-certificatekey-pairs/?hl=keys

 

Not sure the reason for this option. It appears to allow rejection or renewal of openvpn/easyrsa ssl certs generated with airvpn config generator.

I assume this implements a crl (certificate revoke list) for client certs ?

 

Does this feature allow create new signed key pairs ?

Is there any security issues associated with generating private keys via a web browser ?

 

 

Share this post


Link to post

I assume this implements a crl (certificate revoke list) for client certs ?

 

Not quite. You create keys with your own names so that you can, for instance, connect to AirVPN on a device you are not going to use for long. So you generate a new key pair and use this to generate a config. When you no longer use it you delete the pair and this key can no longer be used to connect to AirVPN with your account.

 

A Certificate Revocation List by definition is a list of keys with a still ongoing validity which are marked invalid out of any reason by the issuer or owner before its time of validity expired. Your AirVPN keys are valid indefinitely, so a revocation makes little sense. Instead, you just delete the key from the database so that connecting with a deleted key leads nowhere.

 

Does this feature allow create new signed key pairs ?

 

It creates key pairs for you to use on different devices, for different purposes or some other reason.

 

Is there any security issues associated with generating private keys via a web browser ?

 

Do not give in to any kind of paranoid thinking, like this. You do not generate the key pairs on your web browser, you request a generation on the server. Even then you are not simply presented with your key afterwards. You need to generate a config, only then the key will be bundled with it.

 

It's also important to note that these keys do not enable someone to decrypt your traffic. They are merely there for user identification against the AirVPN servers. The most harm someone can do to you is being constantly connected with five clients. You delete the key, the "bad user" gets thrown out.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...