Text only | Text with Images

OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: vikozo on May 07, 2019, 09:02:32 PM

Title: CA with let's Encrypt ?
Post by: vikozo on May 07, 2019, 09:02:32 PM
Hello

for doing a VPN you have to do a CA.
It is better to do it at this place
VPN: OpenVPN: Servers: Certificate Authority Selection

or should the
Services: Let's Encrypt: Settings

be used?

have a nice day
vinc
Title: Re: CA with let's Encrypt ?
Post by: rainerle on May 08, 2019, 07:36:47 PM
Hi,

for a CA used in OpenVPN you should never use a Let's Encrypt Zertifikate.

See https://redmine.pfsense.org/issues/8281

You will have to anyway configure the OpenVPN Clients with the server's CA. Just use the OPNsense OpenVPN wizard to let it create a proper private CA and certificate.

Cheers
Rainer
Title: Re: CA with let's Encrypt ?
Post by: vikozo on May 09, 2019, 07:34:01 AM
@rainerle
thanks for your Feedback.

so what is the Purpose of Let's Encrypt on the opnSense?

have a nice day
vinc
Title: Re: CA with let's Encrypt ?
Post by: rainerle on May 09, 2019, 02:31:06 PM
Hi,

I am using it for IPsec IKEv2 Mobile clients. The client then only requires user ID and password.

Other use cases are Haproxy SSL offloader or even web services directly hosted on the OPNsense.

Best regards
Rainer
Text only | Text with Images