Page 1 of 1

Certificate confusion

Posted: Tue Oct 23, 2018 10:29 pm
by Fwiler
I have SoftEther working on a Windows domain joined server behind our firewall. I'm currently using NT Authentication to log in over OpenVPN and it works fine.

What I would like to do is switch to signed certificate authentication for about 60 users. 10 Users do not have a domain joined computer though, so I'm not sure what I can do for them.
We have a current Windows issuing certificate authority and would like to use this.

But I'm stuck on how to get a certificate for SoftEther and for clients. In my experience a CSR is created at the server and then copied to the Issuing CA. The Issuing CA signs the CSR and then copied back to the server. On the server you complete the CSR request.

I do not see how you can do this with SoftEther. I see a Trusted CA Certificates button in which I could import our Root CA and Issuing CA.
I also see an Import button under Encryption and Network settings.

So I guess my question is, how do I create a CSR from SoftEther? And do my clients need a specific certificate issued, or because they are domain joined and already trust our Root CA and Issuing CA, they don't need a specific certificate.


Re: Certificate confusion

Posted: Thu Nov 01, 2018 8:53 am
by thisjun
Certificate function of SoftEther VPN is isolated from Windows Certificate system.
So, it doesn't make sense to use Windows Certificate system for SoftEther VPN.

It is easy to use the root certificate created by the certificate creation tool of SoftEther VPN Server Manager.