I want to make an SSTP or OVPN VPN connection with a self-signed certificate. Everywhere I have looked I find instructions for setting up these links with a Certificate Authority. Is this a bad idea? I created a self-signed certificate and keys. Which certificates are necessary for the client side and which are necessary for the server side?
I created the Keys/Certificate here:
http://www.mobilefish.com/services/ssl_certificates/ssl_certificates.php
It gave me these files:
private key (.pem file)
public key (.pem file)
private key values (.txt file)
certificate file (.pem)
certificate signing request file (.pem)
The CA public key will be required by the client.
On the server, you will need the certificate public & private key including the public key trustchain up to the CA.
This might not help too much though - you are better off looking at the wiki for more detailed directions.
http://wiki.mikrotik.com/wiki/Manual:Create_Certificates
If you install openssl on a Linux distribution, you will get the tools needed for creating your own “private” Certificate Authority and creating certificates (easy-rsa). I’m not sure if there is a Windows version of these tools.
You have to join MikroTik’s certificate and the private key into a single file, and you can import them afterwards to your devices under System->Certificates->Import.
The generated CA file can be distributed on your machine as a trusted authority certificate (this is not a “secret” file - it is a public key).
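The private-CA workflow described in the replies above, as an added example that is not part of the original posts. It uses the openssl command line; the file names and the host name vpn.example.test are constructed placeholders.

```shell
#!/bin/sh
# Added example: private CA + server certificate, then the checks each side relies on.
# All file names and subject names below are constructed placeholders.
set -e

make_pki() {
    dir=$1; cn=$2
    mkdir -p "$dir"
    # 1. CA: a self-signed root. ca.key is the secret; ca.crt is public and
    #    is the only file a client needs in order to trust the server.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt"
    # 2. Server key plus CSR. The CSR is only the request handed to the CA;
    #    it is not needed again once the certificate has been issued.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.csr"
    # 3. The CA signs the request, producing the server certificate.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 825 -sha256 \
        -out "$dir/server.crt"
    # 4. Certificate and private key joined into one file for import on the server.
    cat "$dir/server.crt" "$dir/server.key" > "$dir/server-bundle.pem"
    chmod 600 "$dir/ca.key" "$dir/server.key" "$dir/server-bundle.pem"
}

# Client-side view: does the certificate chain to the CA certificate we trust?
client_trusts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Server-side sanity check: does this private key belong to this certificate?
key_matches_cert() {
    a=$(openssl pkey -in "$1" -pubout | openssl sha256)
    b=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$a" = "$b" ]
}

work=$(mktemp -d)
make_pki "$work" vpn.example.test
client_trusts "$work/ca.crt" "$work/server.crt" && echo "server.crt chains to ca.crt"
key_matches_cert "$work/server.key" "$work/server.crt" && echo "server.key matches server.crt"
echo "files written to $work"
```

Only ca.crt goes to clients; ca.key and server.key never leave the machines that own them.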
Well, I’m not much of a Linux guy and don’t want to install Linux if I don’t have to just to create certificates. Mainly I would like to understand how this all works.
I can get the certificates from this web site to import into my router (and I have a KR next to it). I want to be sure I’m doing this correctly though. The only files that seem to be required are the private key and the certificate. I have the SSTP VPN running and the (same) certificate is selected on both ends. Does anyone know what the purpose of the rest of these files that were created with my self-signed certificate is if they are unnecessary for this case? Or am I missing out on some security feature from setting this up wrong somehow?