CA, cert, key generation - Microhard Bullet 9

Scripts to manage certificates or generate config files
Post Reply
mrtrent
OpenVpn Newbie
Posts: 6
Joined: Wed Feb 10, 2021 4:19 am

CA, cert, key generation - Microhard Bullet 9

Post by mrtrent » Wed Feb 10, 2021 4:27 am

Hello,

Newbie with CAs, server certs, client keys, etc.

My situation - I have a Microhard Bullet 9 LTE modem that I can only import OpenVPN CAs, server certs, etc. From what I have read on the forum it is best to create the CA and server cert on the device that will be the server - in this case my Microhard. Does anyone have any suggestions on how I can best go about this or provide a link to a similar post? I have installed EasyRSA 3.0 - not sure how to tell if my microhard will be compatible with certs/keys generated by 3.0 or if I should use 2.0?

Any help is greatly appreciated.

Thanks,
MrTrent

mrtrent
OpenVpn Newbie
Posts: 6
Joined: Wed Feb 10, 2021 4:19 am

Re: CA, cert, key generation - Microhard Bullet 9

Post by mrtrent » Thu Feb 11, 2021 2:22 am

More on my question....Here is a summary of configuration screen:

VPN Setup
OpenVPN Mode Server
Device Type TUN
Topology NET30
Tunnel Protocol UDP
Port 1194

Server Virtual Subnet / Netmask 10.8.0.0 / 255.255.255.0

Authentication:

Root Certificate ca.crt

Public Server Certificate server.crt

Private Server Key server.key

Passphrase for Private Server Key •••••

Certificate Revocation List N/A

User/Password Authentication
Client Cert is Required

User Name List testuser

Miscellaneous:
Diffie hellman parameter DH2048
TLS Auth Key [ta.key]
Data Channel Cipher AES-256-CBC
Duplicate Common Name No
Client Isolation Yes

Use Compression Disable

And these are the errors I get:

Error in Public Server Certificate: Public Server Certificate is not exist/uploaded
Error in Private Server Key: Private Server Key is not exist/uploaded
Error in Client Certificate Client Certificate: Certificate error
Error in Client Certificate Client Key: key error

Not sure why I am getting Client Errors when setting up a server

Any feedback would be greatly appreciated.

Thanks
Mrtrent

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 8661
Joined: Fri Jun 03, 2016 1:17 pm

Re: CA, cert, key generation - Microhard Bullet 9

Post by TinCanTech » Thu Feb 11, 2021 2:34 am

All the files which are created by EasyRSA are universally compatible. You do not need to generate them on your device and probably should not, due to a lack of entropy.

mrtrent
OpenVpn Newbie
Posts: 6
Joined: Wed Feb 10, 2021 4:19 am

Re: CA, cert, key generation - Microhard Bullet 9

Post by mrtrent » Thu Feb 11, 2021 3:13 am

Thanks for the reply.

It appears that I generated my CA, server certificate and key successfully using easyRSA (no errors anyway) and imported them to the microhard modem. Is there a way to check if I completed the first step (or what I assume is the first step) correctly? ie is there a way to discern that my issue is with the Microhard modem or with how I generated the certs and keys?

Just learning here and I appreciate any feedback.

mrtrent

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 8661
Joined: Fri Jun 03, 2016 1:17 pm

Re: CA, cert, key generation - Microhard Bullet 9

Post by TinCanTech » Thu Feb 11, 2021 3:17 am

I don't know anything about your device ..

If you get openvpn to start then read your openvpn log file.

mrtrent
OpenVpn Newbie
Posts: 6
Joined: Wed Feb 10, 2021 4:19 am

Re: CA, cert, key generation - Microhard Bullet 9

Post by mrtrent » Thu Feb 11, 2021 3:35 am

I use a netgear 2440 box with pfsense for another openVPN instance, but the PFsense software handles the server and client certificate management. I can export an openvpn config file for my client computer and it works fine.
The device I am using now:

http://www.microhardcorp.com/BulletCAT9.php

Just lets me import certificates and keys.

Using windows 10 unfortunately as my client computer but no other option.

Thanks
mrtrent

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 8661
Joined: Fri Jun 03, 2016 1:17 pm

Re: CA, cert, key generation - Microhard Bullet 9

Post by TinCanTech » Thu Feb 11, 2021 3:58 am

Please start here:
viewtopic.php?f=30&t=22603

mrtrent
OpenVpn Newbie
Posts: 6
Joined: Wed Feb 10, 2021 4:19 am

Re: CA, cert, key generation - Microhard Bullet 9

Post by mrtrent » Thu Feb 11, 2021 4:11 am

Thanks for the help

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 8661
Joined: Fri Jun 03, 2016 1:17 pm

Re: CA, cert, key generation - Microhard Bullet 9

Post by TinCanTech » Thu Feb 11, 2021 4:27 am

My pleasure.

If all else fails then you can contact me for private support.

mrtrent
OpenVpn Newbie
Posts: 6
Joined: Wed Feb 10, 2021 4:19 am

Re: CA, cert, key generation - Microhard Bullet 9

Post by mrtrent » Thu Feb 11, 2021 3:46 pm

Got the issue solved.

As always, user error.

Thanks TinCanTech for the thoughts and links

Post Reply