Use Case:
To secure an OpenVPN AS (OVAS) without purchasing an SSL certificate from a certificate authority.
Steps:
To configure SSL we need three files. When using Let's Encrypt, they are created from the following files:
- *.crt – it’s our fullchain.pem file
- *.key – privkey.pem file
- *.bundle – will be created from fullchain.pem and privkey.pem
Check Let’s Encrypt existing files:
root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# ls -l
total 4
lrwxrwxrwx 1 root root 42 Feb 22 10:56 cert.pem -> ../../archive/vpn.example.com/cert1.pem
lrwxrwxrwx 1 root root 43 Feb 22 10:56 chain.pem -> ../../archive/vpn.example.com/chain1.pem
lrwxrwxrwx 1 root root 47 Feb 22 10:56 fullchain.pem -> ../../archive/vpn.example.com/fullchain1.pem
lrwxrwxrwx 1 root root 45 Feb 22 10:56 privkey.pem -> ../../archive/vpn.example.com/privkey1.pem
Install the private key to OpenVPN server:
root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# /usr/local/openvpn_as/scripts/sacli --key cs.priv_key --value_file privkey.pem ConfigPut
[True, {}]
Install its public cert:
root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# /usr/local/openvpn_as/scripts/sacli --key cs.cert --value_file fullchain.pem ConfigPut
[True, {}]
“Generate” the bundle file – just by using cat for the fullchain.pem and privkey.pem:
root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# cat fullchain.pem privkey.pem > bundle.pem
Add it to the OpenVPN AS:
root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# /usr/local/openvpn_as/scripts/sacli --key cs.ca_bundle --value_file bundle.pem ConfigPut
[True, {}]
Restart the service:
root@openvpnas2:/etc/letsencrypt/live/vpn.example.com# /usr/local/openvpn_as/scripts/sacli start
RunStart warm None
{
  errors: {},
  service_status: {
    api: on,
    auth: on,
    bridge: on,
    client_query: restarted,
    crl: on,
    daemon_pre: on,
    db_push: on,
    ip6tables_live: on,
    ip6tables_openvpn: on,
    iptables_live: on,
    iptables_openvpn: on,
    iptables_web: restarted,
    license: on,
    log: on,
    openvpn_0: on,
    openvpn_1: on,
    user: on,
    web: restarted
  }
}
WILL_RESTART ['web', 'client']
Check the UI now:

OpenVPN AS hostname
The last step is to configure the server's hostname, if this wasn't done during the initial setup.
Go to the Admin UI => Network Settings.
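
A pre-flight check for the files used in the steps above, as an added example that is not part of the original post: it confirms that the private key matches the leaf certificate, that the certificate is not about to expire and covers the server hostname, and it writes bundle.pem readable by its owner only. The function names, the 7-day threshold and the script arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: checks to run before the
# Let's Encrypt files are loaded with sacli ConfigPut.
# Function names and the 7-day threshold are assumptions of this sketch.

# 0 if the private key belongs to the leaf (first) certificate in the file.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the certificate covers the hostname configured for the server.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Build bundle.pem as the post does, but owner-readable only, because the
# file contains the private key.
build_bundle() {
    ( umask 077
      rm -f "$1/bundle.pem"
      cat "$1/fullchain.pem" "$1/privkey.pem" > "$1/bundle.pem" )
}

# Run every check; write the bundle only if all of them pass.
preflight() {
    live=$1; host=$2
    pair_matches "$live/fullchain.pem" "$live/privkey.pem" ||
        { echo "private key does not match certificate" >&2; return 1; }
    valid_for_days "$live/fullchain.pem" 7 ||
        { echo "certificate expires within 7 days" >&2; return 1; }
    covers_host "$live/fullchain.pem" "$host" ||
        { echo "certificate does not cover $host" >&2; return 1; }
    build_bundle "$live"
}

# Usage: sh preflight.sh /etc/letsencrypt/live/vpn.example.com vpn.example.com
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" && echo "OK: files are ready for sacli ConfigPut"
fi
```

Let's Encrypt certificates are reissued on renewal, so the same checks apply each time the renewed files are loaded into OpenVPN AS again.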


Last modified
April 29, 2025