OpenVPN with a Windows Certificate Services PKI


Yep, it's perfectly possible. x509 is x509.

OpenVPN 2.1 (beta, but perfectly stable) supports CryptoAPI. We use it on a daily basis.

To use your existing PKI just give the OpenVPN server a copy of the CA. You can specify which clients can log in, if you don't want everyone on the CA to have access, by using CCD. Then place the following in your client configs:

cryptoapicert "THUMB:<cert_thumb>"

You can copy/paste the <cert_thumb> from the certificate details in the Windows personal cert store.

Auto Enroll is a pain and it's been a while since I struggled with it. But it does work, eventually.
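As an added example (not part of the original answer or of the OpenVPN project), a PowerShell check that confirms an auto-enrolled client certificate actually landed in the user's personal store and writes out the matching cryptoapicert line; the issuer name pattern and output path are placeholders you would adjust.

```powershell
# Added example: find the auto-enrolled user certificate in the Windows
# personal store and emit the cryptoapicert line for the OpenVPN client config.
# Assumptions (placeholders, not values from the page): the issuing CA's name
# contains "Corp-Issuing-CA"; the certificate has a private key and the
# Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2).
param(
    [string]$IssuerMatch = "*Corp-Issuing-CA*",
    [string]$OutFile = "$env:USERPROFILE\client-cert.ovpn"
)

$clientAuthOid = "1.3.6.1.5.5.7.3.2"

# Cert:\CurrentUser\My is the "personal cert store" the answer refers to.
$candidates = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object {
        $_.Issuer -like $IssuerMatch -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
    } |
    Sort-Object NotAfter -Descending

if (-not $candidates) {
    # No usable certificate: auto-enrollment has not delivered one yet
    # (or the issuer filter does not match your CA's name).
    Write-Error "No valid client-auth certificate from '$IssuerMatch' in Cert:\CurrentUser\My"
    exit 1
}

# Prefer the certificate that expires last if several match.
$cert = $candidates[0]
Write-Host ("Using {0} (thumbprint {1}, expires {2})" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter)

# OpenVPN takes the hex thumbprint as shown in the certificate details dialog.
$line = 'cryptoapicert "THUMB:{0}"' -f $cert.Thumbprint
Set-Content -Path $OutFile -Value $line -Encoding ASCII
Write-Host "Wrote '$line' to $OutFile; include it in the client config"
```

Run it as the enrolled user, since the personal store is per user; an error here means enrollment is the thing to debug, not OpenVPN.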


Updated on September 17, 2022

Comments

  • Johannes Rudolph, over 1 year

    Has anyone tried using OpenVPN with certificates generated by Windows Certificate Services? In theory this should work.

    The provided easy-rsa PKI is not very comfortable to manage for many users. I do already have an Active Directory set up and I'd ideally want to have AD integration for the certificates. I have followed this guide to set auto enrollment for a user group. However, I can't even make sure if the corresponding user has been successfully assigned a certificate. It seems overly complex to me.

    http://www.isaserver.org/img/upl/vpnkitbeta2/autoenroll.htm

  • Dan Carley, almost 15 years
    PS: Apparently you can use SUBJ instead of THUMB. I haven't confirmed myself, but that would be easier.