Root CA for OpenVPN site to site VPN

Started by svenny, January 07, 2025, 06:52:52 PM

Hi, I've followed this tutorial to obtain a site to site VPN (OpenVPN):

Setup SSL VPN site to site tunnel

At some point in the tutorial I've found this:

Quote: Copy the public part of the certificate authority to the firewall at Site A (use the download button and copy the contents into a new CA on this host)

If I do as suggested, the VPN cannot be established and I receive an error saying the check of the CA is failing.

So I've tried importing the public part of the certificate authority along with the private part and then it worked.

May I have any problem with this kind of configuration? Is the tutorial correct?

Many thanks in advance for your replies.

Cheers



Quote from: svenny on January 07, 2025, 06:52:52 PM
May I have any problem with this kind of configuration?

If you trust the site where you imported the private key, there is nothing to worry about.
It enables the CA to issue certificates. However, this should rather be done on one site only.

Quote: Is the tutorial correct?
Yes, just for verifying the remote site's certificate, the public part should be sufficient in fact.
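The point made in the reply above can be checked outside the firewall GUI. This is an added example, not part of the thread or of the tutorial: it uses the `openssl` command line with a throwaway CA to show that a peer certificate verifies against the CA certificate alone, and that a CA certificate with the same name but a different key does not. All names, subjects and paths are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, subject and path here is made up.

# Site B: create a throwaway CA and issue one peer certificate from it.
make_site() {
    dir=$1
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo VPN CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-peer" \
        -keyout "$dir/peer.key" -out "$dir/peer.csr" 2>/dev/null
    openssl x509 -req -in "$dir/peer.csr" -days 1 -CAcreateserial \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -out "$dir/peer.crt" 2>/dev/null
}

# Site A: verify a peer certificate using only a CA certificate (no key).
verify_peer() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when two PEM files hold the same certificate (SHA-256 fingerprint).
same_cert() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
    [ "$a" = "$b" ]
}

demo() {
    work=$(mktemp -d)
    make_site "$work/site_b"
    make_site "$work/lookalike"      # same CA name, different key pair
    cp "$work/site_b/ca.crt" "$work/site_a_ca.crt"   # public part only
    verify_peer "$work/site_a_ca.crt" "$work/site_b/peer.crt" \
        && echo "copied CA certificate: peer verifies"
    verify_peer "$work/lookalike/ca.crt" "$work/site_b/peer.crt" \
        || echo "lookalike CA certificate: verification fails"
    same_cert "$work/site_a_ca.crt" "$work/site_b/ca.crt" \
        && echo "fingerprints match on both sites"
    rm -rf "$work"
}
demo
```

Comparing the SHA-256 fingerprint of the CA certificate on both firewalls is a quick way to confirm that the copy on Site A is the same certificate that signed the remote peer's certificate.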