OpenVPN / easy-rsa

easy-rsa - Simple shell based CA utility

Importing the CA certificates for OpenVPN clients and internal domains. #1155

Closed kaushalshriyan closed 1 month ago

kaushalshriyan commented 1 month ago

Hi,

I am currently testing the internal domain (https://internal.myexample.com) using the existing internal CA setup with easyrsa, to share those VPN client and SSL certificates for rendering the internal domain within the VPN network.

```sh
sudo apt-get update
sudo apt-get install -y easy-rsa
mkdir ~/easy-rsa
ln -s /usr/share/easy-rsa/* ~/easy-rsa/
cd ~/easy-rsa
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
./easyrsa gen-req internal wildcard nopass
./easyrsa sign-req server internal
```

This ensures that clients trust the CA for both VPN connections and internal domain SSL certificates.

By setting up a CA to issue certificates for both OpenVPN clients and internal domains, we can ensure secure communication within your network. Make sure to distribute and import the CA certificate into both the system and browser trust stores for seamless operation. This setup enhances security and simplifies certificate management for your internal infrastructure.

Are there any alternatives or options to avoid importing the CA certificates for OpenVPN clients and internal domains into client devices as per the instructions below? Can it be automated etc., or is there any alternative?

- Windows: Follow the steps to import ca.crt into the Trusted Root Certification Authorities store via MMC.
- macOS: Use Keychain Access to import ca.crt into the System keychain.
- Linux: Place ca.crt in the appropriate directory and update the CA certificates (e.g., /usr/local/share/ca-certificates/ and sudo update-ca-certificates for Debian/Ubuntu).

Please guide.

Best Regards,

Kaushal

TinCanTech commented 1 month ago

> Are there any alternatives or options to avoid importing the CA certificates for OpenVPN clients and internal domains into client devices

Yes, you can use OpenVPN Peer-fingerprint mode.
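Putting that suggestion into practice, as an added example that is not from the issue or the easy-rsa project: the script below computes the SHA-256 fingerprint that OpenVPN's `peer-fingerprint` directive (OpenVPN 2.6 and later) expects from a PEM certificate such as those easy-rsa writes under `pki/issued/`, and emits the server-side `<peer-fingerprint>` block plus the client-side directive, so no `ca.crt` has to be imported for the VPN itself. `SAMPLE_PEM` is a constructed stand-in whose body is not a real certificate; note that this replaces the CA import only for the VPN, while browsers reaching https://internal.myexample.com still need a trusted issuer.

```python
import base64
import hashlib
import re

# Constructed stand-in for a PEM certificate: its base64 body decodes to the
# bytes b"abc", so the expected SHA-256 is a well-known test vector. A real
# easy-rsa file (pki/issued/client1.crt) carries the same BEGIN/END framing,
# usually preceded by a human-readable text dump that must be skipped.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in the text.
    OpenVPN fingerprints the DER encoding, not the PEM text itself."""
    match = _PEM_RE.search(pem)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()))


def peer_fingerprint(pem: str) -> str:
    """SHA-256 of the DER certificate as colon-separated hex octets, the
    form peer-fingerprint takes. Same value as:
    openssl x509 -in cert.crt -noout -fingerprint -sha256"""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def server_block(client_pems) -> str:
    """Inline block for the server config listing every accepted client."""
    lines = ["<peer-fingerprint>"]
    lines += [peer_fingerprint(p) for p in client_pems]
    lines.append("</peer-fingerprint>")
    return "\n".join(lines)


def client_line(server_pem: str) -> str:
    """Single directive pinning the server certificate in a client profile."""
    return "peer-fingerprint " + peer_fingerprint(server_pem)


if __name__ == "__main__":
    print(server_block([SAMPLE_PEM]))
    print(client_line(SAMPLE_PEM))
```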