CA with let's Encrypt ?

Started by vikozo, May 07, 2019, 09:02:32 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 07, 2019, 09:02:32 PM
Hello

for doing a VPN you have to do a CA.
It is better to do it at this place
VPN: OpenVPN: Servers: Certificate Authority Selection

or should the
Services: Let's Encrypt: Settings

be used?

have a nice day
vinc
apu2c4 / wle200nx / 240 Disk --> Firewall | FW-03
---
OPNsense 22.1.6-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1n 15 Mar 2022
May 08, 2019, 07:36:47 PM #1
Hi,

for a CA used in OpenVPN you should never use a Let's Encrypt Zertifikate.

See https://redmine.pfsense.org/issues/8281

You will have to anyway configure the OpenVPN Clients with the server's CA. Just use the OPNsense OpenVPN wizard to let it create a proper private CA and certificate.

Cheers
Rainer
May 09, 2019, 07:34:01 AM #2
@rainerle
thanks for your Feedback.

so what is the Purpose of Let's Encrypt on the opnSense?

have a nice day
vinc
apu2c4 / wle200nx / 240 Disk --> Firewall | FW-03
---
OPNsense 22.1.6-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1n 15 Mar 2022
May 09, 2019, 02:31:06 PM #3
Hi,

I am using it for IPsec IKEv2 Mobile clients. The client then only requires user ID and password.

Other use cases are Haproxy SSL offloader or even web services directly hosted on the OPNsense.

Best regards
Rainer
Print
Go Up Pages1
User actions