
WvW Official Website

Add SSL Certificate to OPENVPN Access Server

To configure SSL we need three files. When using Let’s Encrypt, they are created from the following files:

  • *.crt – it’s our fullchain.pem file
  • *.key – it’s our privkey.pem file
  • *.bundle – will be created from fullchain.pem and privkey.pem

Check Let’s Encrypt existing files:

root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# ls -l
total 4
lrwxrwxrwx 1 root root  42 Feb 22 10:56 cert.pem -> ../../archive/vpn.example.com/cert1.pem
lrwxrwxrwx 1 root root  43 Feb 22 10:56 chain.pem -> ../../archive/vpn.example.com/chain1.pem
lrwxrwxrwx 1 root root  47 Feb 22 10:56 fullchain.pem -> ../../archive/vpn.example.com/fullchain1.pem
lrwxrwxrwx 1 root root  45 Feb 22 10:56 privkey.pem -> ../../archive/vpn.example.com/privkey1.pem

Install the private key on the OpenVPN server:

root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# /usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "privkey.pem" ConfigPut
[True, {}]

Install its public cert:

root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# /usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "fullchain.pem" ConfigPut
[True, {}]

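“Generate” the bundle file by simply concatenating fullchain.pem and privkey.pem with cat. The resulting bundle.pem contains a copy of the private key, so keep it readable by root only: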

root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# cat fullchain.pem privkey.pem > bundle.pem

Add it to the OpenVPN AS:

root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# /usr/local/openvpn_as/scripts/sacli --key "cs.ca_bundle" --value_file "bundle.pem" ConfigPut
[True, {}]

Restart the service:

root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# /usr/local/openvpn_as/scripts/sacli start
RunStart warm None
"errors": {},
"service_status": {
"api": "on",
"auth": "on",
"bridge": "on",
"client_query": "restarted",
"crl": "on",
"daemon_pre": "on",
"db_push": "on",
"ip6tables_live": "on",
"ip6tables_openvpn": "on",
"iptables_live": "on",
"iptables_openvpn": "on",
"iptables_web": "restarted",
"license": "on",
"log": "on",
"openvpn_0": "on",
"openvpn_1": "on",
"user": "on",
"web": "restarted"

WILL_RESTART ['web', 'client']
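
A pre-flight check for the files used in the steps above, as an added example that is not part of the original post: it counts the PEM blocks in privkey.pem and fullchain.pem so a swapped or mixed-up file is caught before ConfigPut, and fails if any *.pem holding a private key (including bundle.pem) is world-readable. The function names and the placeholder sample files are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check of the PEM files
# that the steps above pass to sacli ConfigPut. Function names are this example's own.
KEY_RE='(RSA |EC |ENCRYPTED )?PRIVATE KEY'

# count_blocks FILE LABEL_REGEX: number of matching "-----BEGIN <label>-----" lines
count_blocks() { grep -Ec -- "^-----BEGIN ($2)-----" "$1" || true; }

# pem_summary FILE: prints e.g. "certs=2 keys=0"
pem_summary() {
    echo "certs=$(count_blocks "$1" CERTIFICATE) keys=$(count_blocks "$1" "$KEY_RE")"
}

# world_readable FILE: succeeds if "other" may read FILE (-L follows the live/ symlinks)
world_readable() { [ -n "$(find -L "$1" -prune -perm -004)" ]; }

# check_sacli_inputs DIR: returns 0 only if the files hold what sacli expects
check_sacli_inputs() {
    dir=$1 rc=0
    for f in privkey.pem fullchain.pem; do
        [ -r "$dir/$f" ] || { echo "FAIL $f: missing" >&2; return 1; }
    done
    [ "$(pem_summary "$dir/privkey.pem")" = "certs=0 keys=1" ] ||
        { echo "FAIL privkey.pem: expected exactly one private key" >&2; rc=1; }
    case $(pem_summary "$dir/fullchain.pem") in
        certs=0*|*keys=[1-9]*)
            echo "FAIL fullchain.pem: expected certificates only" >&2; rc=1 ;;
    esac
    # bundle.pem built with cat carries the key too, so check every *.pem.
    for f in "$dir"/*.pem; do
        if [ "$(count_blocks "$f" "$KEY_RE")" -gt 0 ] && world_readable "$f"; then
            echo "FAIL ${f##*/}: holds a private key but is world-readable" >&2; rc=1
        fi
    done
    return $rc
}

# make_sample DIR: constructed placeholder PEM files (bodies are not real keys)
make_sample() (
    umask 077
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END PRIVATE KEY-----' > "$1/privkey.pem"
    for i in 1 2; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
            '-----END CERTIFICATE-----'
    done > "$1/fullchain.pem"
    cat "$1/fullchain.pem" "$1/privkey.pem" > "$1/bundle.pem"
)
```

On the server, source the file and run `check_sacli_inputs /etc/letsencrypt/live/vpn.example.com`; a non-zero exit status means the files should not be loaded yet.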

Check the UI now:

OpenVPN AS hostname

The last step is to configure the server’s hostname, if this wasn’t done during the initial setup.

Go to the Admin UI => Network Settings:

