CA, cert, key generation - Microhard Bullet 9
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Feb 10, 2021 4:19 am
CA, cert, key generation - Microhard Bullet 9
Hello,
Newbie with CAs, server certs, client keys, etc.
My situation - I have a Microhard Bullet 9 LTE modem that I can only import OpenVPN CAs, server certs, etc. From what I have read on the forum it is best to create the CA and server cert on the device that will be the server - in this case my Microhard. Does anyone have any suggestions on how I can best go about this or provide a link to a similar post? I have installed EasyRSA 3.0 - not sure how to tell if my microhard will be compatible with certs/keys generated by 3.0 or if I should use 2.0?
Any help is greatly appreciated.
Thanks,
MrTrent
Newbie with CAs, server certs, client keys, etc.
My situation - I have a Microhard Bullet 9 LTE modem that I can only import OpenVPN CAs, server certs, etc. From what I have read on the forum it is best to create the CA and server cert on the device that will be the server - in this case my Microhard. Does anyone have any suggestions on how I can best go about this or provide a link to a similar post? I have installed EasyRSA 3.0 - not sure how to tell if my microhard will be compatible with certs/keys generated by 3.0 or if I should use 2.0?
Any help is greatly appreciated.
Thanks,
MrTrent
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Feb 10, 2021 4:19 am
Re: CA, cert, key generation - Microhard Bullet 9
More on my question....Here is a summary of configuration screen:
VPN Setup
OpenVPN Mode Server
Device Type TUN
Topology NET30
Tunnel Protocol UDP
Port 1194
Server Virtual Subnet / Netmask 10.8.0.0 / 255.255.255.0
Authentication:
Root Certificate ca.crt
Public Server Certificate server.crt
Private Server Key server.key
Passphrase for Private Server Key •••••
Certificate Revocation List N/A
User/Password Authentication
Client Cert is Required
User Name List testuser
Miscellaneous:
Diffie hellman parameter DH2048
TLS Auth Key [ta.key]
Data Channel Cipher AES-256-CBC
Duplicate Common Name No
Client Isolation Yes
Use Compression Disable
And these are the errors I get:
Error in Public Server Certificate: Public Server Certificate is not exist/uploaded
Error in Private Server Key: Private Server Key is not exist/uploaded
Error in Client Certificate Client Certificate: Certificate error
Error in Client Certificate Client Key: key error
Not sure why I am getting Client Errors when setting up a server
Any feedback would be greatly appreciated.
Thanks
Mrtrent
VPN Setup
OpenVPN Mode Server
Device Type TUN
Topology NET30
Tunnel Protocol UDP
Port 1194
Server Virtual Subnet / Netmask 10.8.0.0 / 255.255.255.0
Authentication:
Root Certificate ca.crt
Public Server Certificate server.crt
Private Server Key server.key
Passphrase for Private Server Key •••••
Certificate Revocation List N/A
User/Password Authentication
Client Cert is Required
User Name List testuser
Miscellaneous:
Diffie hellman parameter DH2048
TLS Auth Key [ta.key]
Data Channel Cipher AES-256-CBC
Duplicate Common Name No
Client Isolation Yes
Use Compression Disable
And these are the errors I get:
Error in Public Server Certificate: Public Server Certificate is not exist/uploaded
Error in Private Server Key: Private Server Key is not exist/uploaded
Error in Client Certificate Client Certificate: Certificate error
Error in Client Certificate Client Key: key error
Not sure why I am getting Client Errors when setting up a server
Any feedback would be greatly appreciated.
Thanks
Mrtrent
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CA, cert, key generation - Microhard Bullet 9
All the files which are created by EasyRSA are universally compatible. You do not need to generate them on your device and probably should not, due to a lack of entropy.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Feb 10, 2021 4:19 am
Re: CA, cert, key generation - Microhard Bullet 9
Thanks for the reply.
It appears that I generated my CA, server certificate and key successfully using easyRSA (no errors anyway) and imported them to the microhard modem. Is there a way to check if I completed the first step (or what I assume is the first step) correctly? ie is there a way to discern that my issue is with the Microhard modem or with how I generated the certs and keys?
Just learning here and I appreciate any feedback.
mrtrent
It appears that I generated my CA, server certificate and key successfully using easyRSA (no errors anyway) and imported them to the microhard modem. Is there a way to check if I completed the first step (or what I assume is the first step) correctly? ie is there a way to discern that my issue is with the Microhard modem or with how I generated the certs and keys?
Just learning here and I appreciate any feedback.
mrtrent
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CA, cert, key generation - Microhard Bullet 9
I don't know anything about your device ..
If you get openvpn to start then read your openvpn log file.
If you get openvpn to start then read your openvpn log file.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Feb 10, 2021 4:19 am
Re: CA, cert, key generation - Microhard Bullet 9
I use a netgear 2440 box with pfsense for another openVPN instance, but the PFsense software handles the server and client certificate management. I can export an openvpn config file for my client computer and it works fine.
The device I am using now:
http://www.microhardcorp.com/BulletCAT9.php
Just lets me import certificates and keys.
Using windows 10 unfortunately as my client computer but no other option.
Thanks
mrtrent
The device I am using now:
http://www.microhardcorp.com/BulletCAT9.php
Just lets me import certificates and keys.
Using windows 10 unfortunately as my client computer but no other option.
Thanks
mrtrent
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CA, cert, key generation - Microhard Bullet 9
Please start here:
viewtopic.php?f=30&t=22603
viewtopic.php?f=30&t=22603
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Feb 10, 2021 4:19 am
Re: CA, cert, key generation - Microhard Bullet 9
Thanks for the help
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CA, cert, key generation - Microhard Bullet 9
My pleasure.
If all else fails then you can contact me for private support.
If all else fails then you can contact me for private support.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Feb 10, 2021 4:19 am
Re: CA, cert, key generation - Microhard Bullet 9
Got the issue solved.
As always, user error.
Thanks TinCanTech for the thoughts and links
As always, user error.
Thanks TinCanTech for the thoughts and links
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Jun 23, 2023 12:38 am
Re: CA, cert, key generation - Microhard Bullet 9
hello @alquiler
A need to understand hwo configure OPEN VPN in Mricrohard modem CAT4-gl, can you help me. necesito asociar los certificados generados por firewall palo alto en el microhard, si bien veo que tiene un formato .
A need to understand hwo configure OPEN VPN in Mricrohard modem CAT4-gl, can you help me. necesito asociar los certificados generados por firewall palo alto en el microhard, si bien veo que tiene un formato .