Hello everyone, I have to set up at least two different VPN types for my small network: OVPN and IPSec/RSA XAuth (for the native Android client).
I have some questions regarding certificates.
First, I’ve created a certificate with CACert and now I’m using it with the SSL web interface on the MikroTik router itself. I’ve also specified the same certificate as the OVPN server certificate, and now I have to create certificates for roaming users. So the questions are: what should the configs for clients be? Do I need to use CACert’s root certificate on clients to validate the server? Do I need my own CA certificate, which I use to sign clients’ certificates, on client devices? As I understand it, the OVPN config for a client should include CACert’s root certificate to validate the server, and the client’s certificate without my own CA (while my own CA is trusted on the MikroTik router itself) to validate the client to the OVPN server on the router…
The second question is related to IPSec/RSA.
- Can I use the same CACert-issued certificate in IPSec->Peers to validate the server to peers?
- How do I issue certificates to clients? I’ve tried to create a certificate with key usage “ipsec user” and “tls client”, signed it with my CA, transferred it to the Android device with CACert’s root CA and… nothing. I can specify the CA but the user cert in the config remains empty…
Any guides regarding IPSec/RSA on Android are greatly appreciated; Google helps only on L2TP.
And sorry for noobish questions =)