Hello all,
I'm looking for a quick review of my SSL VPN setup and something that keeps going over in my head.
My UTM setup is:
I have both a publicly recognized cert as well as a self-signed one. My public X509 is issued to the *.domain.com wildcard and is correct. It is used for my portal and verified correctly with all CAs. I also have the self-signed X509 user certs and VPN certs.
1. Under cert management --> Advanced; I have generated my self-signed X509 vpn signing cert. AKA: My signing CA. This defaults to Local X509 cert.
2. I have my user cert as well (X509 for user1)
3. For my SSL VPN, I have my Local X509 for my server certificate for cryptographic settings.
4. I've granted user1 access to the VPN and it will connect.
Questions:
My VPN does work correctly and I can connect in, but I don't understand how it isn't subject to a MITM attack if I am self-signing my own cert, which I'm using to verify that vpn.domain.com is my own actual vpn.domain.com. At some point isn't there a best practice to use a public CA or your private key to sign the cert?
Appreciate any help!
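The trust question in the post, as an added shell example that is not part of the original thread or the UTM product: it builds a private signing CA and a server cert for a constructed hostname (vpn.example.test, a placeholder), then checks that chain validation succeeds only when the verifier holds that exact CA. It assumes the openssl CLI with its stock configuration.

```sh
#!/bin/sh
# Added example (not from the original post): a private signing CA, a server
# cert for a constructed hostname, and a check showing that validation
# succeeds only for a client that trusts that specific CA.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST="vpn.example.test"        # constructed placeholder hostname

# make_ca <name> <subject>: self-signed CA (stock openssl.cnf marks it CA:TRUE)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# issue_server <ca-name>: server cert for HOST signed by that CA
issue_server() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 \
    -out "$WORK/server.pem" >/dev/null 2>&1
}

# verify_with <ca-name>: exit 0 if server.pem chains to that CA and names
# HOST, which is the check a VPN client performs with the CA it was enrolled
# with; a cert minted by any other issuer fails here, which is why the
# private CA's key and the client's copy of the CA cert are what protect
# against MITM, not whether the CA is public or private
verify_with() {
  openssl verify -CAfile "$WORK/$1.pem" -verify_hostname "$HOST" \
    "$WORK/server.pem" >/dev/null 2>&1
}

make_ca signing "/CN=Private VPN signing CA"   # the local signing CA
make_ca other   "/CN=Unrelated CA"             # any other issuer
issue_server signing

if verify_with signing; then echo "client trusts signing CA: chain OK"; fi
if verify_with other; then echo "unexpected"; else echo "other CA: rejected"; fi
```

Point a client at the wrong CA file and the same server cert is rejected, so the client's trust store, not the server's cert alone, decides what counts as vpn.domain.com.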