diff --git a/VM_OPENSSL_APACHE.sh b/VM_OPENSSL_APACHE.sh
index 0d899d9..182bbde 100644
--- a/VM_OPENSSL_APACHE.sh
+++ b/VM_OPENSSL_APACHE.sh
@@ -7,6 +7,18 @@ sudo yum install -y epel-release
 sudo yum install -y openssl httpd mod_ssl mod_authnz_pam google-authenticator
 sudo yum install -y mod_session
+# utilizador
+id -u john &>/dev/null || useradd john
+echo "password" | passwd --stdin john
+
+# dar acesso ao apache para ler o .google_authenticator
+groupadd -f totp
+usermod -aG totp apache
+usermod -aG totp john
+
+sudo chown apache:totp /home/john/.google_authenticator
+sudo chmod 660 /home/john/.google_authenticator
+
 if_dentro="enp0s8"
 ip_dentro="10.60.0.1"
 ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
@@ -34,6 +46,7 @@ cp ca/ca.crt /etc/httpd/ssl/
 cp ca/apache.crt /etc/httpd/ssl/
 cp ca/apache.key /etc/httpd/ssl/
 cp conf/ssl.conf /etc/httpd/conf.d/ssl.conf
+cp conf/httpd.conf /etc/httpd/conf/httpd.conf
 cp conf/httpd-totp /etc/pam.d/httpd-totp
 # NOTA(vasco) é preciso desativar home protection outra vez
@@ -51,12 +64,3 @@ cp -r www/* /var/www/html/
 chown -R apache:apache /var/www/html/
 systemctl enable --now httpd
-
-# acho ?????
-sudo chgrp apache /etc/shadow
-sudo chmod o+x /home/john
-sudo chown apache /home/john/.google_authenticator
-sudo chmod 400 /home/john/.google_authenticator
-sudo chmod o+x /home/user
-sudo chown apache /home/user/.google_authenticator
-sudo chmod 400 /home/user/.google_authenticator
diff --git a/VM_VPN_GATEWAY.sh b/VM_VPN_GATEWAY.sh
index 0f3aa88..49f7075 100644
--- a/VM_VPN_GATEWAY.sh
+++ b/VM_VPN_GATEWAY.sh
@@ -8,7 +8,6 @@ source VM_CONFIG.sh
 yum install -y google-authenticator qrencode ntpsec
-
 # --- forwarding --- #
 if_fora="enp0s8"
 ip_fora="193.136.212.1"
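Review bot: `sudo chown apache:totp /home/john/.google_authenticator` and `sudo chmod 660 /home/john/.google_authenticator` act on a file that nothing in this hunk creates — `useradd john` has just produced a fresh home and `google-authenticator` is never run for that user — so on a first provisioning both commands fail, and unless the top of the script (outside this hunk) sets `-e` the run continues with no TOTP secret in place. Even once the file exists, upstream pam_google_authenticator by default refuses a secret that is not owned by the authenticating user or that carries group/other permission bits (it expects 0600/0400), so `apache:totp` with `0660` is likely to be rejected unless `conf/httpd-totp` relaxes the check (`user=` / `allowed_perm=`, where the packaged version supports them); the intended access path deserves a comment here, and the step should be guarded, e.g. `[[ -f /home/john/.google_authenticator ]] || { echo "no TOTP secret for john" >&2; exit 1; }`. `echo "password" | passwd --stdin john` also commits a fixed credential to the repository; take it from the environment instead, e.g. `: "${JOHN_PASSWORD:?set JOHN_PASSWORD}"` followed by `printf '%s\n' "$JOHN_PASSWORD" | passwd --stdin john` (variable name is an example). The same two points apply to the `# --- utilizador --- #` block added to VM_VPN_GATEWAY.sh further down in this diff.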
@@ -23,13 +22,13 @@ ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
 echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
 sysctl -p /etc/sysctl.conf
-iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT # :O
-iptables -I FORWARD 1 -i $mega_tunel -o $if_dentro -j ACCEPT # :P
-iptables -I FORWARD 1 -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
-iptables -I FORWARD 1 -i $mega_tunel -o $if_fora -j ACCEPT # faltava isto ?
-iptables -I FORWARD 1 -i $if_fora -m state --state ESTABLISHED,RELATED -j ACCEPT # faltava isto ?
-iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
-iptables-save > /etc/sysconfig/iptables # :3
+iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
+iptables -I FORWARD 1 -i $mega_tunel -o $if_dentro -j ACCEPT
+iptables -I FORWARD 1 -i $if_dentro -o $mega_tunel -j ACCEPT
+iptables -I FORWARD 1 -i $mega_tunel -o $if_fora -j ACCEPT
+iptables -I FORWARD 1 -i $if_fora -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE
+iptables-save > /etc/sysconfig/iptables
 # --- vpn server --- #
 vpn_dir="/etc/openvpn/server"
@@ -42,3 +41,12 @@ cp conf/vpn.conf $vpn_dir
 cp conf/ocsp-verify.sh $vpn_dir
 cp conf/totp /etc/pam.d/
 systemctl enable --now openvpn-server@vpn.service
+
+# --- utilizador --- #
+id -u john &>/dev/null || useradd john
+echo "password" | passwd --stdin john
+groupadd -f totp
+usermod -aG totp john
+usermod -aG totp openvpn
+sudo chown john:totp /home/john/.google_authenticator
+sudo chmod 660 /home/john/.google_authenticator
\ No newline at end of file
diff --git a/relatorio/relatorio.aux b/relatorio/relatorio.aux
index 6b84904..e695bf7 100644
--- a/relatorio/relatorio.aux
+++ b/relatorio/relatorio.aux
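Review bot: `usermod -aG totp openvpn` runs after `systemctl enable --now openvpn-server@vpn.service`, and a process's supplementary groups are fixed when it starts, so the daemon started three lines earlier does not hold the `totp` group until the unit is restarted; either move the user block above the `systemctl` line or follow it with `systemctl restart openvpn-server@vpn.service`. Whether the PAM check actually executes as `openvpn` (and therefore needs the group at all) depends on `conf/vpn.conf` and the auth plugin, neither of which is visible here, so a one-line comment naming which process is expected to open `/home/john/.google_authenticator` would make the grant reviewable. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while this block is being added.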
@@ -24,7 +24,7 @@
 \@writefile{toc}{\contentsline {subsection}{\numberline {5.2}Configuração do Serviço Apache}{9}{subsection.5.2}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsubsection}{\numberline {5.2.1}Testes}{9}{subsubsection.5.2.1}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {5.3}Configuração do Serviço OpenSSL}{9}{subsection.5.3}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsubsection}{\numberline {5.3.1}Testes}{9}{subsubsection.5.3.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsubsection}{\numberline {5.3.1}Testes}{10}{subsubsection.5.3.1}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {6}Teste Integrado}{10}{section.6}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {7}Conclusão}{10}{section.7}\protected@file@percent }
 \gdef \@abspage@last{10}
diff --git a/relatorio/relatorio.log b/relatorio/relatorio.log
index fa46bab..929a7e2 100644
--- a/relatorio/relatorio.log
+++ b/relatorio/relatorio.log
@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 27 APR 2026 20:43
+This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 27 APR 2026 22:37
 entering extended mode
 \write18 enabled.
 %&-line parsing enabled.
@@ -1221,8 +1221,13 @@ Package pdftex.def Info: google-authenticator.jpg used on input line 314.
 \openout6 = `relatorio.listing'.
-(/home/raw/uni/fsi/trabalho/relatorio/relatorio.listing) [8 ]
+(/home/raw/uni/fsi/trabalho/relatorio/relatorio.listing)
+Overfull \hbox (2.06862pt too wide) in paragraph at lines 352--356
+\T1/Raleway-OsF/m/n/10.95 Para ve-ri-fi-car que o OCSP fun-ci-ona cor-rec-ta-me
+nte, o cli-ente co-nec-tou ao ser-vi-dor OpenVPN:
+ []
+
+[8 ]
 \openout6 = `relatorio.listing'.
@@ -1256,7 +1261,7 @@ xmf-dist/fonts/type1/impallari/raleway/Raleway-Regular.pfb>
 Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (10 pages,
- 168978 bytes).
+ 169461 bytes).
 PDF statistics:
 387 PDF objects out of 1000 (max. 8388607)
 336 compressed objects within 4 object streams
diff --git a/relatorio/relatorio.pdf b/relatorio/relatorio.pdf
index bbb7597..cf2c19d 100644
Binary files a/relatorio/relatorio.pdf and b/relatorio/relatorio.pdf differ
diff --git a/relatorio/relatorio.tex b/relatorio/relatorio.tex
index 3d0b4a1..faacb8e 100644
--- a/relatorio/relatorio.tex
+++ b/relatorio/relatorio.tex
@@ -346,6 +346,17 @@ auth SHA256
 \subsection{Testes}
+% TODO: screenshots? dizer que erros exatos nos obtemos a cada etapa
+% TODO: erros ortograficos lol
+
+Para verificar que o OCSP funciona correctamente, o cliente conectou ao servidor OpenVPN:
+primeiro, sem o servidor OCSP a correr, uma segunda vez com ele a correr e com o certificado correcto
+e uma terceira vez com um certificado revogado. Fizemos estes testes sabendo que o
+cliente e o servidor já estavam correctamente configurados.
+
+Verificamos que, como é suposto: sem OCSP não é possivel autenticar; com OCSP e com certificado válido,
+podemos autenticar; e com OCSP mas com certificado revogado, a autenticação falha.
+
 \section{Servidor Apache e OCSP}
 \subsection{Configuração da Máquina}
diff --git a/relatorio/relatorio.toc b/relatorio/relatorio.toc
index 62ea360..3e4b9ed 100644
--- a/relatorio/relatorio.toc
+++ b/relatorio/relatorio.toc
@@ -17,6 +17,6 @@
 \contentsline {subsection}{\numberline {5.2}Configuração do Serviço Apache}{9}{subsection.5.2}%
 \contentsline {subsubsection}{\numberline {5.2.1}Testes}{9}{subsubsection.5.2.1}%
 \contentsline {subsection}{\numberline {5.3}Configuração do Serviço OpenSSL}{9}{subsection.5.3}%
-\contentsline {subsubsection}{\numberline {5.3.1}Testes}{9}{subsubsection.5.3.1}%
+\contentsline {subsubsection}{\numberline {5.3.1}Testes}{10}{subsubsection.5.3.1}%
 \contentsline {section}{\numberline {6}Teste Integrado}{10}{section.6}%
 \contentsline {section}{\numberline {7}Conclusão}{10}{section.7}%