CA with let's Encrypt ?

Started by vikozo, May 07, 2019, 09:02:32 PM

Previous topic - Next topic
Hello

for doing a VPN you have to do a CA.
It is better to do it at this place
VPN: OpenVPN: Servers: Certificate Authority Selection

or should the
Services: Let's Encrypt: Settings

be used?

have a nice day
vinc
apu2c4 / wle200nx / 240 Disk --> Firewall | FW-03
---
OPNsense 22.1.6-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1n 15 Mar 2022

Hi,

for a CA used in OpenVPN you should never use a Let's Encrypt Zertifikate.

See https://redmine.pfsense.org/issues/8281

You will have to anyway configure the OpenVPN Clients with the server's CA. Just use the OPNsense OpenVPN wizard to let it create a proper private CA and certificate.

Cheers
Rainer

@rainerle
thanks for your Feedback.

so what is the Purpose of Let's Encrypt on the opnSense?

have a nice day
vinc
apu2c4 / wle200nx / 240 Disk --> Firewall | FW-03
---
OPNsense 22.1.6-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1n 15 Mar 2022

Hi,

I am using it for IPsec IKEv2 Mobile clients. The client then only requires user ID and password.

Other use cases are Haproxy SSL offloader or even web services directly hosted on the OPNsense.

Best regards
Rainer