pkelly1603
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jun 15, 2009 11:13 pm

SSTP/OVPN with Self-Signed Certificate

Tue Jul 17, 2012 11:38 pm

I want to make an SSTP or OVPN VPN connection with a self signed certificate. Everywhere I have looked I find instructions for setting up these links with a Certificate Authority. Is this a bad idea? I created a self signed certificate and keys. Which certificates are necessary for the client side and which are necessary for the server side?

I created the Keys/Certificate here:

http://www.mobilefish.com/services/ssl_ ... icates.php

It gave me these files:
private key (.pem file)
public key (.pem file)
private key values (.txt file)
certificate file (.pem)
certificate signing request file (.pem)
 
biomesh
Member Candidate
Posts: 139
Joined: Fri Feb 10, 2012 8:25 pm

Re: SSTP/OVPN with Self-Signed Certificate

Tue Jul 17, 2012 11:58 pm

The CA public key will be required by the client.

On the server, you will need the certificate public & private key including the public key trustchain up to the CA.

This might not help too much though - you are better off looking at the wiki for more detailed directions.

http://wiki.mikrotik.com/wiki/Manual:Cr ... rtificates
 
docmarius
Forum Guru
Posts: 1220
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Re: SSTP/OVPN with Self-Signed Certificate

Wed Jul 18, 2012 8:47 am

If you install openssl on a Linux distribution, you will get the tools needed for creating your own "private" Certificate Authority and creating certificates (easy-rsa). I'm not sure if there is a Windows version of these tools.
You have to join MikroTik's certificate and the private key to a single file and can import them afterwards to your devices under System->Certificates->Import.
The generated CA file can be distributed on your machine as a trusted authority certificate (this is not a "secret" file - it is a public key).
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
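
The private-CA workflow described in the post above, as an added example that is not part of the original thread or of MikroTik's documentation. It uses the plain `openssl` CLI rather than easy-rsa; the file names and subject names are assumptions chosen for illustration, and the checks show which file belongs on which side.

```shell
#!/bin/sh
# Added example: private CA plus one server certificate via the openssl CLI.
# File names and subject names below are assumptions chosen for illustration.
set -e

make_pki() {  # $1 = output directory
    # CA key and self-signed CA certificate (ca.crt is public, ca.key is not).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    # Server key and certificate signing request (CSR).
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=vpn.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    # The CA signs the CSR; after this step the CSR is no longer needed.
    openssl x509 -req -in "$1/server.csr" -sha256 -days 825 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
}

chain_ok() {  # does server.crt verify against ca.crt alone?
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

key_matches_cert() {  # public key derived from server.key == key in server.crt?
    [ "$(openssl pkey -in "$1/server.key" -pubout)" = \
      "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" ]
}

is_self_signed() {  # $1 = certificate file; true when issuer == subject
    [ "$(openssl x509 -in "$1" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$1" -noout -subject_hash)" ]
}

PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT
make_pki "$PKI_DIR"
chain_ok "$PKI_DIR" && echo "server.crt verifies against ca.crt"
key_matches_cert "$PKI_DIR" && echo "server.key pairs with server.crt"
is_self_signed "$PKI_DIR/ca.crt" && echo "ca.crt is self-signed (trust anchor)"
is_self_signed "$PKI_DIR/server.crt" || echo "server.crt is CA-issued"
echo "server side: server.crt + server.key   client side: ca.crt"
echo "keep private: ca.key, server.key       intermediate only: server.csr"
```

The separate public-key file a generator hands out is the same key that `key_matches_cert` extracts from the certificate, so it does not need to be imported on its own.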
 
pkelly1603
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jun 15, 2009 11:13 pm

Re: SSTP/OVPN with Self-Signed Certificate

Tue Jul 24, 2012 12:27 am

Well I'm not much of a Linux guy and don't want to install Linux if I don't have to just to create certificates. Mainly I would like to understand how this all works.

I can get the certificates from this web site to import into my router (and I have a KR next to it). I want to be sure I'm doing this correctly though. The only files that seem to be required are the private key and the certificate. I have the SSTP VPN running and the (same) certificate is selected on both ends. Does anyone know what the purpose of the rest of these files that were created with my self-signed certificate is if they are unnecessary for this case? Or am I missing out on some security feature from setting this up wrong somehow?
