I want to make an SSTP or OVPN VPN connection with a self signed certificate. Everywhere I have looked I find instructions for setting up these links with a Certificate Authority. Is this a bad idea? I created a self signed certificate and keys. Which certificates are necessary for the client side and which are necessary for the server side?
I created the Keys/Certificate here:
http://www.mobilefish.com/services/ssl_ ... icates.php
It gave me these files:
private key (.pem file)
public key (.pem file
private key values (.txt file)
certificate file (.pem)
certificate signing request file (.pem)
Re: SSTP/OVPN with Self-Signed Certificate
The CA public key will be required by the client.
On the server, you will need the certificate public & private key including the public key trustchain up to the CA.
This might not help too much though - you are better off looking at the wiki for more detailed directions.
http://wiki.mikrotik.com/wiki/Manual:Cr ... rtificates
On the server, you will need the certificate public & private key including the public key trustchain up to the CA.
This might not help too much though - you are better off looking at the wiki for more detailed directions.
http://wiki.mikrotik.com/wiki/Manual:Cr ... rtificates
Re: SSTP/OVPN with Self-Signed Certificate
If you install openssl on a Linux distribution, you will get the tools needed for creating your own "private" Certificate Authority and creating certificates (easy-rsa). I'm not sure if there is a windows version on these tools.
You have to join mikrotik's certificate and the private key to a single file and can import them afterwards to your devices under System->Certificates->Import.
The generated CA file can be distributed on your machine as a trusted authority certificate (this is not a "secret" file - it is a public key).
You have to join mikrotik's certificate and the private key to a single file and can import them afterwards to your devices under System->Certificates->Import.
The generated CA file can be distributed on your machine as a trusted authority certificate (this is not a "secret" file - it is a public key).
-
-
pkelly1603
Member Candidate
- Posts: 105
- Joined:
Re: SSTP/OVPN with Self-Signed Certificate
Well I'm not much of a linux guy and don't want to install linux if I don't have to just to create certificates. Mainly I would like to understand how this all works.
I can get the certificates from this web site to import into my router (and I have a KR next to it). I want to be sure I'm doing this orrectly though. The only files that seem to be required are the private key and the certificate. I have the SSTP VPN running and the (same) certificate is selected on both ends. Does anyone know what the purpose of the rest of these files that were created with my self igned certificate is if they are unnecessary for this case? Or am I missing out on some security feature from setting this up wrong somehow?
I can get the certificates from this web site to import into my router (and I have a KR next to it). I want to be sure I'm doing this orrectly though. The only files that seem to be required are the private key and the certificate. I have the SSTP VPN running and the (same) certificate is selected on both ends. Does anyone know what the purpose of the rest of these files that were created with my self igned certificate is if they are unnecessary for this case? Or am I missing out on some security feature from setting this up wrong somehow?
Who is online
Users browsing this forum: Bing [Bot], kkeyser and 42 guests