Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: mudra on March 14, 2009, 09:23:42 PM

Title: openvpn-bridge - No more certificate confusion.
Post by: mudra on March 14, 2009, 09:23:42 PM

I have followed the instructions on the new wiki page for the openvpn-bridge contrib and everything works well until I have to install the certificates. I have installed the PHPKi contrib as well. I am running an SME 7.4 and I have never used any other contrib for VPN.

when I try and fill in the following information:-

    * A master Certificate (used to verify clients certificates)
    * The server certificate (used by clients to verify the server)
    * The server private key associated with the certificate
    * Diffie-Helman parameters (Used to exchange the session key)
    * An optional key generate by openvpn to add TLS authentication

I am not sure what to fill in:

? Is the master certicate the same as the "root" certificate ?

I have created a "server" certificate; where do a I find the private key associated with this certicate ?

The other 2 keys I believe can be found via the PHPKi interface.

Can anyone point me in the right direction ?

I am sure that there is not a bug, I am sure that it is my understanding of the instructions / technique ?

Thanks for any help.

Mudra

EDITED: For a spelling mistake

Title: Re: openvpn-bridge - certificate confusion
Post by: Tib on March 16, 2009, 12:23:43 PM

I have to admit ... I'm having a bit of trouble understanding this as well.

Mine is a complete new install.

You have this in OpenVpn:

• A master Certificate (used to verify clients certificates)
  The server certificate (used by clients to verify the server)
  The server private key associated with the certificate
  Diffie-Helman parameters (Used to exchange the session key)
  An optional key generate by openvpn to add TLS authentication

Then in Certificate Manager:

• E-Mail, SSL Client
  E-Mail, SSL Client, Code Signing
  SSL Server
  VPN Client Only
  VPN Server Only
  VPN Client, VPN Server
  Time Stamping

I'm not quite sure what ties up with what ... except the VPN server and vpn client cert of course but the rest I'm a bit baffled with as well.

I could use a bit of guidance as well please.

Regards,

Tib

Title: Re: openvpn-bridge - certificate confusion
Post by: Daniel B. on March 16, 2009, 02:09:46 PM

I've just added a small section in the wiki page to configure the certificates using PHPki: http://wiki.contribs.org/OpenVPN_Bridge#Using_PHPki_to_manage_the_certificates

I hope it'll help. Please, let me know.

Title: Re: openvpn-bridge - certificate confusion
Post by: Tib on March 16, 2009, 02:22:55 PM

VIP-ire,

Thanks very much ... That helped a lot.


Regards,

Tib

Title: Re: openvpn-bridge - No more certificate confusion.
Post by: mudra on March 16, 2009, 06:48:32 PM

The extra information on the WIKI was the key to setting this up.

Thanks for the work on the contrib and helping me out with the email.

Mudra

Title: Re: openvpn-bridge - No more certificate confusion.
Post by: Daniel B. on March 16, 2009, 06:51:49 PM

No problem, I'm glade my contribs are used ;)

Do not hesitate to report bugs in the bug tracker, and to correct/enhance the wiki page (english isn't my natural language, so maybe some parts are not very clear for everyone).

Cheers