
Safe way to share certs and keys

Posted: Tue Mar 21, 2023 3:23 pm
by latot
Hi! I'm new to all of this OpenVPN stuff.

I was able to finish the first "How To" and run a basic VPN server, with the server and client keys (but I only made 1).

Well, I want to test it with other people at some point, but I noticed something: the client config file needs four files.

ca.crt (can be public)
client1.crt (can be public)
client1.key (can't be public)
ta.key (no idea)

As OpenVPN needs these four files... I'm asking how I can share them in a safe way. Ideally in an easy way too; sending all the files in a zip is not the easiest way for a non-technical user.


Re: Safe way to share certs and keys

Posted: Tue May 16, 2023 9:18 am
by Fadim
Hi @latot,

First off, congrats on getting your basic VPN server up and running! Now about your question, it's critical to securely share these files as they're essentially the keys to your VPN kingdom.

You're right that the client1.key needs to be kept secret. The same goes for ta.key; it's a shared secret key for added security and shouldn't be made public either.

For a secure yet user-friendly way to share these files, you might consider using a password-protected ZIP file. You can then send the password via a different communication channel for added security.

Another option could be to use a secure file transfer service, such as those provided by cloud storage providers, which offer end-to-end encryption.

Remember to always share these files securely, and never over unencrypted email.

Good luck with your VPN project!
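
The four files from the question can travel as a single file, because OpenVPN accepts certificates and keys inline in the client profile inside `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks. The shell function below is an added example, not part of either post; the helper name `build_inline_profile` and the file names passed to it are assumptions, and `key-direction 1` assumes the How To's client-side `tls-auth ta.key 1`.

```shell
#!/bin/sh
# Added example: merge ca.crt, client1.crt, client1.key and ta.key into one
# client profile. build_inline_profile is a hypothetical helper name.
# Usage: build_inline_profile client.conf ca.crt client1.crt client1.key ta.key out.ovpn

build_inline_profile() {
    base=$1; ca=$2; cert=$3; key=$4; ta=$5; out=$6

    for f in "$base" "$ca" "$cert" "$key" "$ta"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Remove any stale output so the new file is created with tight
    # permissions instead of inheriting looser ones.
    rm -f "$out"
    (
        # The profile will hold client1.key and ta.key: owner-only access.
        umask 077
        {
            # Drop the file-path directives; the inline blocks replace them.
            grep -Ev '^[[:space:]]*(ca|cert|key|tls-auth|key-direction)([[:space:]]|$)' "$base" || :
            echo
            echo '<ca>';   cat "$ca";   echo '</ca>'
            echo '<cert>'; cat "$cert"; echo '</cert>'
            echo '<key>';  cat "$key";  echo '</key>'
            # Client side of "tls-auth ta.key 1".
            echo 'key-direction 1'
            echo '<tls-auth>'; cat "$ta"; echo '</tls-auth>'
        } > "$out"
    )
}
```

The resulting profile contains client1.key and ta.key, so it is exactly as sensitive as those files and still has to be sent over a protected channel.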