• allywilson
    1 year ago

    An OpenVPN profile generator with a valid client certificate, where the private key never leaves the client workstation.

    • Client browser logs in with their IPA creds + OTP.
    • Browser generates key pair and CSR (all stored in session storage).
    • Node requests certificate for user from IPA using CSR, returns cert to browser.
    • Browser combines new certificate with CA cert and the private key into the OpenVPN profile.
    • Browser downloads the OpenVPN profile file.
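
The client-side half of the flow described above, as an added example that is not part of the original comment or the commenter's code: a guard on what the browser sends to the Node service (the CSR only) and the assembly of the inline profile from the CA certificate, the issued certificate and the locally held key. The function names, the `{ csr: ... }` request shape, the host `vpn.example.test` and the PEM bodies are assumptions made for illustration; key/CSR generation and the IPA call are out of scope here.

```javascript
// Added example. Host name and PEM bodies are constructed placeholders.
const PEM_RE = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([A-Za-z0-9+\/=\r\n]+?)-----END \1-----/g;

// Constructed stand-in for real PEM data (base64 of the word "CONSTRUCTED").
const samplePem = (label) =>
  `-----BEGIN ${label}-----\nQ09OU1RSVUNURUQ=\n-----END ${label}-----`;

// Require exactly one PEM block with an allowed label; return it with LF line ends.
function onePem(text, allowed, what) {
  const blocks = [...String(text).matchAll(PEM_RE)];
  if (blocks.length !== 1 || !allowed.includes(blocks[0][1])) {
    throw new Error(`${what}: expected exactly one PEM block (${allowed.join(" or ")})`);
  }
  return blocks[0][0].replace(/\r\n/g, "\n");
}

// Body of the browser -> Node request: the CSR and nothing else.
function csrRequestBody(csrPem) {
  if (/PRIVATE KEY/.test(csrPem)) {
    throw new Error("refusing to send: private key material in outbound request");
  }
  return JSON.stringify({ csr: onePem(csrPem, ["CERTIFICATE REQUEST"], "csr") });
}

// Assemble the profile in the browser from the issued cert, the CA cert and the local key.
function buildProfile({ host, port, proto = "udp", caPem, certPem, keyPem }) {
  // host, port and proto are written into config lines, so they are validated strictly.
  if (!/^[A-Za-z0-9.-]+$/.test(host)) throw new Error("bad host");
  if (!Number.isInteger(port) || port < 1 || port > 65535) throw new Error("bad port");
  if (!["udp", "tcp"].includes(proto)) throw new Error("bad proto");
  const ca = onePem(caPem, ["CERTIFICATE"], "ca");
  const cert = onePem(certPem, ["CERTIFICATE"], "cert");
  const key = onePem(keyPem, ["PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"], "key");
  return [
    "client", "dev tun", `proto ${proto}`, `remote ${host} ${port}`,
    "nobind", "remote-cert-tls server",
    `<ca>\n${ca}\n</ca>`, `<cert>\n${cert}\n</cert>`, `<key>\n${key}\n</key>`,
  ].join("\n") + "\n";
}
```

In a browser the returned string would be wrapped in a `Blob` and offered as a download, so the key is only ever written to the user's own disk.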