Netgate Discussion Forum

    OpenVPN Tunnel with Intermediate certificate(s)

      Reiner030

      Hi,

      it seems that this was not fully tested?
      I needed some time to figure out how it works correctly because the OpenVPN error messages point in the wrong direction…
      Here is the documentation in case someone else also needs this:

      Server => got external root CA imported; created intermediate CA.
      Client => got external root CA + intermediate CA imported

      My server holds the intermediate CA

      1. Set the certificate depth in the OpenVPN server section to Two..Five.
        But this is - for my tested self-signed local CA - not enough.
      2. I must also set up an additional dummy CA which holds the public intermediate cert first and the public self-signed root CA below it (no keys needed).
      3. Select the dummy intermediate CA "bundle" as CA (and leave the CRL of the intermediate CA)

      The same is needed on the client side:
      a) dummy CA with public intermediate/root CA crt (no keys needed)
      b) select dummy CA-bundle

      then both sides can connect fine ;)

      Feature requests:

      • Possibility to verify imported certs automatically in chain if certs are imported / perhaps also if externally available as URL
      • Optional: Also select on client side verify of server, verify depth for CA cert (which chain must be available imported/remote as URL)
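The bundle from steps 2 and 3 above, reproduced with the openssl CLI as an added example that is not part of the original post. It builds a throwaway root, intermediate and server certificate (all names are constructed) and uses `openssl verify` as a stand-in for the peer's chain check, assuming the peer presents only its own certificate.

```shell
#!/bin/sh
# Added example: constructed two-tier CA, all names are placeholders.
work=$(mktemp -d)

make_chain() {  # $1 = directory that receives keys and certificates
  ( cd "$1" || exit 1
    # Minimal config so the CA extensions do not depend on the system openssl.cnf
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
      '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
      'keyUsage=critical,keyCertSign,cRLSign' > ca.cnf
    # Self-signed root CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config ca.cnf \
      -extensions v3_ca -subj '/CN=Example Root CA' \
      -keyout root.key -out root.crt || exit 1
    # Intermediate CA signed by the root
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
      -subj '/CN=Example Intermediate CA' -keyout inter.key -out inter.csr || exit 1
    openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -days 2 -extfile ca.cnf -extensions v3_ca -out inter.crt || exit 1
    # Server certificate signed by the intermediate
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
      -subj '/CN=vpn-server.example' -keyout leaf.key -out leaf.csr || exit 1
    openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
      -days 2 -out leaf.crt || exit 1
    # The "dummy CA": intermediate first, root below it, no private keys
    cat inter.crt root.crt > bundle.crt
  ) >/dev/null 2>&1
}

chain_ok() {  # $1 = file used as CA, $2 = certificate the peer presents
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_chain "$work" || { echo "openssl failed" >&2; exit 1; }
# Try each candidate CA selection against the server certificate
for ca in root.crt inter.crt bundle.crt; do
  if chain_ok "$work/$ca" "$work/leaf.crt"; then r=accepted; else r=rejected; fi
  echo "CA=$ca -> server certificate $r"
done
```

Only the bundle yields a complete chain: the root alone lacks the issuer of the server certificate, and the intermediate alone does not end in a self-signed trust anchor.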