Tag Archives: Certificate Authority

Building an Active Directory Authenticated and Managed OpenVPN Server Part 3

Now that OpenVPN was all set up, the only thing left to do was the Automation. The script that I created, takes care of the certificate/key creation of the users, the configuration customization, the configuration delivery, the Certificate Revoke List creation and configuration updates. Since this article is almost exclusively about one script, I will first loose few words about each of the main functions and post the entire script afterwards.

Continue reading Building an Active Directory Authenticated and Managed OpenVPN Server Part 3

Building an Active Directory Authenticated and Managed OpenVPN Server Part 2

After I outlined the goals for my Project in the last Article, it is time to get to work. This Article will cover the installation and configuration of OpenVPN. I will also explain how chained certificates can be used with OpenVPN. If you follow the my steps, you will have functioning OpenVPN server at the end. My first step was to create a new KVM machine and install Debian Wheezy. I am going to skip the description and assume, that you already have a functioning Linux to install OpenVPN on.

Continue reading Building an Active Directory Authenticated and Managed OpenVPN Server Part 2

Automating the CRL generation and distribution of an OpenSSL Certificate Authority

In my previous Article i described, how i created the PKI for my Home Network. This time i will show you how i implemented a few small scripts to automate the necessary maintenance for my PKI. Continue reading Automating the CRL generation and distribution of an OpenSSL Certificate Authority

Building a PKI with OpenSSL

In preparation of my new OpenVPN Server, I needed a PKI (Private Key Infrastructure). A PKI is basically just a way of managing digital certificates. My software of choice for this is OpenSSL, it lets you create certificates for pretty much every usage scenario and SSL is the standard for many encryption scenarios. I actually build a new PKI for my web Servers, but there some issues with it, that convinced me to create an entirely new PKI instead of just a sub CA for OpenVPN. This time i am documenting my approach, mostly to actually have some documentation on the subject, but also to help others avoid the mistakes I made with my old PKI. Continue reading Building a PKI with OpenSSL