Certificate confusion

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Fwiler
Posts: 2
Joined: Fri Oct 19, 2018 5:51 pm

Certificate confusion

Post by Fwiler » Tue Oct 23, 2018 10:29 pm

I have SoftEther working on a Windows domain joined server behind our firewall. I'm currently using NT Authentication to log in over OpenVPN and it works fine.

What I would like to do is switch to signed certificate authentication for about 60 users. 10 Users do not have a domain joined computer though, so I'm not sure what I can do for them.
We have a current Windows issuing certificate authority and would like to use this.

But I'm stuck on how to get a certificate for SoftEther and for clients. In my experience a CSR is created at the server and then copied to the Issuing CA. The Issuing CA signs the CSR and then copied back to the server. On the server you complete the CSR request.

I do not see how you can do this with SoftEther. I see a Trusted CA Certificates button in which I could import our Root CA and Issuing CA.
I also see an Import button under Encryption and Network settings.

So I guess my question is, how do I create a CSR from SoftEther? And do my clients need a specific certificate issued, or because they are domain joined and already trust our Root CA and Issuing CA, they don't need a specific certificate.

Thanks.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Certificate confusion

Post by thisjun » Thu Nov 01, 2018 8:53 am

Certificate function of SoftEther VPN is isolated from Windows Certificate system.
So, it doesn't make sense to use Windows Certificate system for SoftEther VPN.

It is easy to use the root certificate created by the certificate creation tool of SoftEther VPN Server Manager.

Post Reply