I know this is a super old thread, but any chance the linked document still lives someplace?
We have our own CA and all window clients have a valid cert. I just need to see how to make the ovpn file so it uses the local cert and not an embedded one.
draft HOWTO "Use a Windows CA with OpenVPN"
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Jan 02, 2020 8:16 pm
-
- OpenVpn Newbie
- Posts: 6
- Joined: Sun May 16, 2021 4:30 pm
Re: draft HOWTO "Use a Windows CA with OpenVPN"
Here ya go:
https://docs.microsoft.com/en-us/window ... tall-win10
Just install as per Microsoft's instructions then generate the CA's under Ubuntu using OpenSSL per the OpenVPN's instructions. As you can see by the above Microsoft has Ubuntu running seamlessly on the desktop.
Wow, Microsoft and Linux, together! Hope nobody's head explodes!
Haven't you heard, they aren't fighting anymore: https://cloudblogs.microsoft.com/window ... ves-linux/
Oh wait, you want to use WINDOWS CA? Well sorry, that's what you get when you try to reanimate zombie threads... Guess I COULD have posted the instructions to install OpenSSL under Windows instead...
Seriously, why would you want to use a screwdriver to hammer in nails??? Best tool for the job even Microsoft admits to that now.
https://docs.microsoft.com/en-us/window ... tall-win10
Just install as per Microsoft's instructions then generate the CA's under Ubuntu using OpenSSL per the OpenVPN's instructions. As you can see by the above Microsoft has Ubuntu running seamlessly on the desktop.
Wow, Microsoft and Linux, together! Hope nobody's head explodes!
Haven't you heard, they aren't fighting anymore: https://cloudblogs.microsoft.com/window ... ves-linux/
Oh wait, you want to use WINDOWS CA? Well sorry, that's what you get when you try to reanimate zombie threads... Guess I COULD have posted the instructions to install OpenSSL under Windows instead...
Seriously, why would you want to use a screwdriver to hammer in nails??? Best tool for the job even Microsoft admits to that now.
-
- OpenVPN Protagonist
- Posts: 11136
- Joined: Fri Jun 03, 2016 1:17 pm
Re: draft HOWTO "Use a Windows CA with OpenVPN"
Wow .. aviating pork ! -- Naivety is no defence.
You do know that M$ paid Seven Billion Dollars for github.com ?
The dust has not settled yet and most likely never will.
Anyway, why use Microsoft to manage a CA when OpenVPN provide the tools:
https://github.com/OpenVPN/easy-rsa
And additional tools to enhance that:
https://github.com/TinCanTech/easy-tls
https://github.com/TinCanTech/easy-pfp
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Oct 09, 2014 12:46 pm
Re: draft HOWTO "Use a Windows CA with OpenVPN"
Because there is no better way to manage computers running windowsTinCanTech wrote: ↑Fri May 21, 2021 11:05 pmAnyway, why use Microsoft to manage a CA when OpenVPN provide the tools:
https://github.com/OpenVPN/easy-rsa
And additional tools to enhance that:
https://github.com/TinCanTech/easy-tls
https://github.com/TinCanTech/easy-pfp
With windows CA (and active directory) you have:
* Seamless certificate issue and renewal. The user is not required to do anything to have it's certificate issued and regularly renewed.
* Unexportable certificates - once issued, can't be stolen.
-
- OpenVPN Protagonist
- Posts: 11136
- Joined: Fri Jun 03, 2016 1:17 pm
Re: draft HOWTO "Use a Windows CA with OpenVPN"
Why trust Microshaft to do that which you can do better for yourself ?
Remember the Anti-Trust Law Suit ?
Naivety is no defence ..
Remember the Anti-Trust Law Suit ?
Naivety is no defence ..
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Oct 09, 2014 12:46 pm
Re: draft HOWTO "Use a Windows CA with OpenVPN"
I could be wrong...
Please name at least one usable by openvpn alternative where you can issue/renew certificate without having the private key in plain text without an easy way to copy it?
Please name at least one usable by openvpn alternative where you can issue/renew certificate without having the private key in plain text without an easy way to copy it?