Open Source and information security mailing list archives
Date: Fri Jun 9 15:25:33 2006
From: tim-security at sentinelchicken.org (Tim)
Subject: SSL VPNs and security

> >Set up a wildcard record, *.webvpn.example.org, pointing to the device.
> >The device then maps all internal domain names or IP addresses to a
> >unique hostname, such as: internalhost.webvpn.example.org, or
> >192-168-0-1.webvpn.example.org, etc.
>
> This has the side effect of making procurement of the SSL certificates
> *very* expensive.

SSL certificates are free. You just have to have enough knowledge to
distribute your own CA certificate. For a VPN appliance, this should
not be a problem at all, since only your trusted users should be
accessing it.

Even if you aren't competent enough to figure out how to distribute your
own CA certificate, I believe there are such things as wildcard
certificates.

tim
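Added example, not part of the original message or of any appliance's code: a Python sketch of the hostname mapping quoted above, plus a check that a single wildcard certificate for *.webvpn.example.org covers each mapped name. The function names, the dot-to-hyphen encoding for multi-label internal names and the strict one-label wildcard rule are assumptions made for illustration.

```python
import ipaddress
import re

BASE = "webvpn.example.org"  # wildcard zone named in the quoted post
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one valid DNS label


def external_name(internal: str, base: str = BASE) -> str:
    """Map an internal hostname or IPv4 address to ONE label under base.

    Dots become '-' (as in 192-168-0-1 in the post) so the result stays a
    single label; a deeper name would fall outside a *.base certificate.
    Assumption: collisions (a-b.corp vs a.b-corp) are handled elsewhere.
    """
    host = internal.strip().lower().rstrip(".")
    try:
        label = str(ipaddress.IPv4Address(host)).replace(".", "-")
    except ipaddress.AddressValueError:
        label = host.replace(".", "-")
    if not LABEL.fullmatch(label):
        raise ValueError(f"cannot encode {internal!r} as a DNS label")
    return f"{label}.{base}"


def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Strict wildcard match: '*' must be the whole left-most label and
    stands for exactly one label, never zero and never several."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


if __name__ == "__main__":
    cert = "*." + BASE
    # Constructed sample inputs: two from the post, one multi-label name.
    for internal in ("internalhost", "192.168.0.1", "mail.corp.internal"):
        name = external_name(internal)
        print(f"{internal:20} -> {name:40} covered={wildcard_covers(cert, name)}")
    # Appending the internal FQDN unencoded would not be covered:
    print(wildcard_covers(cert, "mail.corp.internal." + BASE))
```

The last line prints False: the wildcard stands for one label only, so the device has to flatten internal names into a single label for one certificate to cover them all.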