Netgate Discussion Forum

    Rolling out an OpenVPN PKI on an Active Directory (as in October Hangout)

      emden09

      Assume I have an Active Directory with about 50 users. Each user has at least 4 devices, as there are 2 Windows PCs (home office, road-warrior laptop) + 2 mobile devices, either iOS or Android (phone + tablet). According to the October hangout best practice (OpenVPN with independent PKI and RADIUS authentication), I would have to set up a PKI with 50 x 4 (200) certificates and export each of them manually using the export wizard. After that I would have to distribute 50 memory sticks, one to each user, to enable them to install the certificates on their own devices. Actually, I can't even believe anyone ever did that with a smaller (let alone a bigger) AD.

      So here’s my question:

      What is the best practice for establishing and afterwards rolling out a new PKI for an AD domain, assuming you have more than one user where it might be practical to do the stuff manually without any script or server support? (Yes, we have LDAP in place, but there seems to be no script to import all LDAP users into a PKI and so forth.)
