On Wed, 2014-12-31 at 09:06 -0800, Kevin Cernekee wrote:
> One thing that might help here is for frontends like luci-ocserv to
> report the expected cert fingerprint in a prominent location, and warn
> the user against accepting any new certs if they didn't change the
> ocserv configuration. If this page can be viewed in read-only mode
> without logging in to the router, that is even better.

The latter is probably difficult, but printing the hash and key IDs is
probably a good idea. I'll check it.