Hi,
The certificate we were using for openvpn was about to expire, so I generated a self-signed root certificate and a new certificate for our VPN.
As expected, I needed to install the new root certificate on our Windows machines using the OpenVPN client.
However, I did NOT need to install the new root certificate on the Mikrotik router clients. I was a bit surprised. Does this mean that the OpenVPN client in the router will trust any root certificate? This is not a problem for me, I just want to make sure that it’s not going to stop working suddenly later on. Is there any way for me to check on the client what certificate is used, so I can make sure it’s using the new one?