One of the most obvious causes of a bad grade from an SSL security scanning tool is the certificate warning that appears after installation of Access Server: the web interface shows a warning that the connection may not be private and/or that the identity of the server could not be verified. Access Server does not ship with trusted SSL/TLS certificates. You must purchase or generate a trusted SSL/TLS certificate for the web interface of Access Server using a third-party service, and load that certificate into the Access Server web interface. The following article gives more details about replacing your SSL certificate and some of the common methods of purchasing, generating and installing valid certificates: Installing a valid SSL Web certificate in Access Server
Another common issue may be related to the default cipher suite string used by Access Server. Some older ciphers are allowed because older platforms need them to access the web interface. If you are using modern systems and you want to increase the security and grade of your SSL/TLS connections for the web services, you can configure a custom cipher suite string. We provide an example that is reasonably secure here: Selecting a custom cipher suite string for the webserver.
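Before saving a custom cipher suite string, it helps to see which suites it actually expands to. The script below is an added example, not code from OpenVPN or Access Server: it expands a candidate string with the local OpenSSL through Python's `ssl` module and marks legacy suites. The criteria in `classify` and the two candidate strings are assumptions of this example, not the grading rules of any scanner, and the OpenSSL build on your Access Server host may expand the same string differently.

```python
import ssl

def classify(c):
    """Reasons one ssl.SSLContext.get_ciphers() entry counts as legacy.

    The three criteria are this example's assumptions.
    """
    issues = []
    # TLS 1.3 suites always use ephemeral key exchange; older ones need (EC)DHE.
    if c["protocol"] != "TLSv1.3" and not c["kea"].startswith(("kx-ecdhe", "kx-dhe")):
        issues.append("no forward secrecy")
    if not c["aead"]:
        issues.append("non-AEAD (CBC or stream) mode")
    if c["strength_bits"] < 128:
        issues.append("under 128-bit strength")
    return issues

def audit_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string locally and classify every suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [
        {"name": c["name"], "protocol": c["protocol"], "issues": classify(c)}
        for c in ctx.get_ciphers()
    ]

if __name__ == "__main__":
    # Constructed candidates: one modern-only string, one broad string.
    for candidate in ("ECDHE+AESGCM:ECDHE+CHACHA20", "HIGH:!aNULL"):
        print(f"\n{candidate}")
        for row in audit_cipher_string(candidate):
            note = ", ".join(row["issues"]) or "ok"
            print(f"  {row['protocol']:8} {row['name']:32} {note}")
```

TLS 1.3 suites appear in the output for every string because OpenSSL configures them separately from the TLS 1.2 cipher list.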
Access Server Resources:
OpenVPN Access Server Documentation
OpenVPN Access Server Resource Center
OpenVPN Access Server Admin Manual