OpenVPN + Windows Server Certificate Authority

bato1986:
Hello everyone,

We have a Windows Server with Active Directory and we have a root CA on this server.
Is it possible to implement that certificate on OPNsense / OpenVPN? We want to use it instead of using a self-signed certificate for every user. Is there some guideline to implement it?

Best Regards,
Alex

bartjsmit:
Hi Alex,

System, Trust, Authorities to import your root CA cert and any intermediates. System, Trust, Certificates, click the + in the top right corner to add a new cert. Select 'Create a Certificate Signing Request' next to method.

Sign the CSR in the MS cert web interface and import the resulting certificate back into OPNsense.

VPN, OpenVPN, Servers, click the + in the top right corner to add a new server. Select the AD cert under Peer Certificate Authority.

For each user, point the ca, cert and key values to the root CA cert file, their user cert file and its key respectively. Note that these can be put in-line into the OpenVPN config file with <ca></ca> <cert></cert> <key></key> tags for portability.

User enrollment and nifty PowerShell to automate their experience are left as an exercise to the reader ;)

Bart...
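
The in-line config step from the reply above, as an added example that is not part of the original post: a Python sketch that embeds the CA chain, user certificate and key into a client profile using the `<ca>`, `<cert>` and `<key>` tags, and rejects files that contain the wrong kind of PEM block. The hostname, file names and PEM bodies are constructed placeholders, and the function names are hypothetical.

```python
import re

# One PEM block; group 1 is its label (CERTIFICATE, PRIVATE KEY, ...).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+?-----END \1-----")
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_blocks(text, allowed_labels):
    """Return the PEM blocks in text, dropping anything around them such as
    the 'Bag Attributes' lines left by a PKCS#12-to-PEM conversion."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        if m.group(1) not in allowed_labels:
            raise ValueError(f"unexpected PEM block: {m.group(1)}")
        blocks.append(m.group(0).replace("\r\n", "\n"))
    if not blocks:
        raise ValueError("no PEM block found")
    return blocks


def build_inline_profile(base_config, ca_pem, cert_pem, key_pem):
    """Return base_config with the ca/cert/key material embedded inline."""
    # The inline sections replace the file-based directives, so drop those.
    lines = [l for l in base_config.splitlines()
             if l.split()[:1] not in (["ca"], ["cert"], ["key"])]
    ca = pem_blocks(ca_pem, {"CERTIFICATE"})      # root plus any intermediates
    cert = pem_blocks(cert_pem, {"CERTIFICATE"})  # fails if a key is mixed in
    key = pem_blocks(key_pem, KEY_LABELS)
    if len(cert) != 1 or len(key) != 1:
        raise ValueError("expected one user certificate and one key")
    for tag, blocks in (("ca", ca), ("cert", cert), ("key", key)):
        lines += [f"<{tag}>", *blocks, f"</{tag}>"]
    return "\n".join(lines) + "\n"


def fake_pem(label):
    """Constructed placeholder, not real key material."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed sample input: hostname and file names are made up.
BASE = "client\ndev tun\nremote vpn.example.com 1194\nca ca.crt\ncert user.crt\nkey user.key\n"
CA = fake_pem("CERTIFICATE") + fake_pem("CERTIFICATE")  # intermediate + root
CERT = "Bag Attributes\n    friendlyName: alex\n" + fake_pem("CERTIFICATE")
KEY = fake_pem("PRIVATE KEY")

if __name__ == "__main__":
    print(build_inline_profile(BASE, CA, CERT, KEY))
```

The resulting profile contains the user's private key, so it needs the same file permissions and handling as the key file itself.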
