OPNsense Forum

English Forums => Virtual private networks => Topic started by: bato1986 on September 17, 2021, 08:52:16 am

Title: OpenVPN + Windows Server Certificate Authority
Post by: bato1986 on September 17, 2021, 08:52:16 am
Hello everyone,

We have a Windows Server with Active Directory, and we have a root CA on this server.
Is it possible to implement that certificate on OPNsense / OpenVPN? We want to use it instead of using a self-signed certificate for every user. Is there some guideline to implement it?

Best Regards,
Alex

Title: Re: OpenVPN + Windows Server Certificate Authority
Post by: bartjsmit on September 17, 2021, 09:46:26 am
Hi Alex,

System, Trust, Authorities to import your root CA cert and any intermediates. System, Trust, Certificates, click the + in the top right corner to add a new cert. Select 'Create a Certificate Signing Request' next to method.

Sign the CSR in the MS cert web interface and import the resulting certificate back into OPNsense.

VPN, OpenVPN, Servers, click the + in the top right corner to add a new server. Select the AD cert under Peer Certificate Authority.

For each user, point the ca, cert and key values to the root CA cert file, their user cert file and its key respectively. Note that these can be put in-line into the OpenVPN config file with <ca></ca> <cert></cert> <key></key> tags for portability.

User enrollment and nifty PowerShell to automate their experience are left as an exercise to the reader  ;)

Bart...
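
The in-line `<ca>`, `<cert>` and `<key>` form mentioned in the reply above, as an added example that is not part of the original thread: a Python sketch that turns a client config with file references into one portable profile. The function names, file names, host name and PEM bodies are constructed placeholders, and it assumes the user's own certificate is the first block in their cert file.

```python
import os
import re

# PEM block types accepted inside each inline OpenVPN tag.
PEM_TYPES = {
    "ca": ("CERTIFICATE",),
    "cert": ("CERTIFICATE",),
    "key": ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"),
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n.*?\r?\n-----END \1-----", re.S)

def pem_blocks(text, tag):
    """Return the PEM blocks in text that are valid for tag, dropping any other text."""
    blocks = [m.group(0).replace("\r\n", "\n") for m in PEM_RE.finditer(text)
              if m.group(1) in PEM_TYPES[tag]]
    if not blocks:
        raise ValueError(f"no PEM block suitable for <{tag}> found")
    return blocks

def build_inline_profile(base_config, ca_pem, cert_pem, key_pem):
    """Drop ca/cert/key file directives and append the material as inline blocks."""
    lines = [ln for ln in base_config.splitlines()
             if ln.split()[:1] not in (["ca"], ["cert"], ["key"])]
    material = {
        "ca": pem_blocks(ca_pem, "ca"),            # root CA plus any intermediates
        "cert": pem_blocks(cert_pem, "cert")[:1],  # assumption: user cert comes first
        "key": pem_blocks(key_pem, "key")[:1],
    }
    for tag in ("ca", "cert", "key"):
        lines += [f"<{tag}>", *material[tag], f"</{tag}>"]
    return "\n".join(lines) + "\n"

def write_profile(path, text):
    """Create the profile owner-readable only, since it now carries the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

def _pem(kind, body):
    # Constructed placeholder, not real key material.
    return f"-----BEGIN {kind}-----\n{body}\n-----END {kind}-----\n"

# Constructed sample inputs.
BASE = "client\ndev tun\nremote vpn.example.com 1194\nca ca.crt\ncert alex.crt\nkey alex.key\n"
CA = _pem("CERTIFICATE", "ROOTCA") + _pem("CERTIFICATE", "INTERMEDIATE")
CERT = "subject=CN = alex\n" + _pem("CERTIFICATE", "USERCERT")
KEY = _pem("PRIVATE KEY", "USERKEY")

if __name__ == "__main__":
    print(build_inline_profile(BASE, CA, CERT, KEY))
```

The `0o600` mode applies on POSIX systems; on Windows clients the profile's access is governed by the file's ACL instead.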