OpenVPN: Using self signed instead of commercial certificates

When my commercial SSL certificate for OpenVPNAS from StartCom expired, I decided to switch back to using self-signed certificates for the same. This is fairly easy to do if you have root access to the appliance.

Just change directories to:
# cd /usr/local/openvpn_as/etc/web-ssl

and then execute this command for a 10 year certificate:
# openssl req -x509 -newkey rsa:2048 -keyout server.key -out server.crt -days 3650 -nodes

You will now need to restart the appliance (either by using sacli or just by restarting the appliance). Lastly, manually add the certificate to the browser to get rid of the security warning every time you logon.

Leave a Reply

Your email address will not be published. Required fields are marked *