draft HOWTO "Use a Windows CA with OpenVPN"

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
afancyadmin
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 02, 2020 8:16 pm

Re: draft HOWTO "Use a Windows CA with OpenVPN"

Post by afancyadmin » Thu Jan 09, 2020 8:59 pm

I know this is a super old thread, but any chance the linked document still lives someplace?
We have our own CA and all window clients have a valid cert. I just need to see how to make the ovpn file so it uses the local cert and not an embedded one.

tedm
OpenVpn Newbie
Posts: 6
Joined: Sun May 16, 2021 4:30 pm

Re: draft HOWTO "Use a Windows CA with OpenVPN"

Post by tedm » Fri May 21, 2021 10:34 pm

Here ya go:

https://docs.microsoft.com/en-us/window ... tall-win10

Just install as per Microsoft's instructions then generate the CA's under Ubuntu using OpenSSL per the OpenVPN's instructions. As you can see by the above Microsoft has Ubuntu running seamlessly on the desktop.

Wow, Microsoft and Linux, together! Hope nobody's head explodes!
Haven't you heard, they aren't fighting anymore: https://cloudblogs.microsoft.com/window ... ves-linux/

Oh wait, you want to use WINDOWS CA? Well sorry, that's what you get when you try to reanimate zombie threads... ;-) Guess I COULD have posted the instructions to install OpenSSL under Windows instead... :-)

Seriously, why would you want to use a screwdriver to hammer in nails??? Best tool for the job even Microsoft admits to that now.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: draft HOWTO "Use a Windows CA with OpenVPN"

Post by TinCanTech » Fri May 21, 2021 11:05 pm

tedm wrote:
Fri May 21, 2021 10:34 pm
Wow, Microsoft and Linux, together! Hope nobody's head explodes!
Haven't you heard, they aren't fighting anymore
Wow .. aviating pork ! -- Naivety is no defence.

You do know that M$ paid Seven Billion Dollars for github.com ?
The dust has not settled yet and most likely never will.

Anyway, why use Microsoft to manage a CA when OpenVPN provide the tools:
https://github.com/OpenVPN/easy-rsa

And additional tools to enhance that:
https://github.com/TinCanTech/easy-tls
https://github.com/TinCanTech/easy-pfp

nothing
OpenVpn Newbie
Posts: 4
Joined: Thu Oct 09, 2014 12:46 pm

Re: draft HOWTO "Use a Windows CA with OpenVPN"

Post by nothing » Fri Dec 03, 2021 4:32 am

TinCanTech wrote:
Fri May 21, 2021 11:05 pm
Anyway, why use Microsoft to manage a CA when OpenVPN provide the tools:
https://github.com/OpenVPN/easy-rsa

And additional tools to enhance that:
https://github.com/TinCanTech/easy-tls
https://github.com/TinCanTech/easy-pfp
Because there is no better way to manage computers running windows :)
With windows CA (and active directory) you have:
* Seamless certificate issue and renewal. The user is not required to do anything to have it's certificate issued and regularly renewed.
* Unexportable certificates - once issued, can't be stolen.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: draft HOWTO "Use a Windows CA with OpenVPN"

Post by TinCanTech » Fri Dec 03, 2021 7:22 am

Why trust Microshaft to do that which you can do better for yourself ?

Remember the Anti-Trust Law Suit ?

Naivety is no defence ..

nothing
OpenVpn Newbie
Posts: 4
Joined: Thu Oct 09, 2014 12:46 pm

Re: draft HOWTO "Use a Windows CA with OpenVPN"

Post by nothing » Fri Dec 03, 2021 2:00 pm

I could be wrong...
Please name at least one usable by openvpn alternative where you can issue/renew certificate without having the private key in plain text without an easy way to copy it?

Post Reply