OPVN Server: Difference between revisions
Revision as of 16:38, 16 January 2024
Requirements:
1. Have a public IP address (example: 108.87.62.201)
2. Create the certificates on the MikroTik.
Once requirement 1 is met, continue with requirement 2.
Creating the Certificates
/certificate
add name=CA common-name=CA days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
WinBox users can follow the steps shown in the following images:
add name=server-template common-name=*.example.com days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
add name=client common-name=client days-valid=3650 key-size=2048 key-usage=tls-client
For the clients, a separate certificate can be created for each client (adjust to the number of clients).
add name=client1 common-name=client days-valid=3650 key-size=2048 key-usage=tls-client
Signing the Certificates
/certificate
sign CA ca-crl-host=108.87.62.201 name=ca-certificate
sign server-template name=server-certificate ca=ca-certificate
sign client name=client-certificate ca=ca-certificate
For the CA, some people use:
sign CA name=ca-certificate
Watch the progress while signing until it reports success: done
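As an added example (not part of the original wiki page), the Python sketch below lints a certificate add/sign script of the kind shown above before it is pasted into RouterOS: it flags sign commands that reference a name that was never created, a ca= certificate that lacks key-cert-sign, reused common-names, and key sizes under the 2048 used on this page. The sample script is constructed, and the assumption that "sign X name=Y" renames the certificate is noted in the code.

```python
import shlex

def parse(line):
    """Split one RouterOS certificate command into (verb, target, params)."""
    tokens = shlex.split(line.replace("/certificate", "", 1))
    if not tokens:
        return None, None, {}
    params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
    target = next((t for t in tokens[1:] if "=" not in t), None)
    return tokens[0], target, params

def lint(script):
    """Return findings for a certificate add/sign script."""
    findings, certs, seen_cn = [], {}, {}   # certs: name -> key-usage set
    for line in script.strip().splitlines():
        verb, target, p = parse(line)
        if verb == "add":
            name = p.get("name", "")
            certs[name] = set(p.get("key-usage", "").split(","))
            if "key-size" in p and int(p["key-size"]) < 2048:
                findings.append(f"{name}: key-size {p['key-size']} is below 2048")
            cn = p.get("common-name")
            if cn and cn in seen_cn:
                findings.append(f"{name}: common-name '{cn}' already used by {seen_cn[cn]}")
            seen_cn.setdefault(cn, name)
        elif verb == "sign":
            if target not in certs:
                findings.append(f"sign {target}: no certificate with that exact name")
                continue
            ca = p.get("ca")
            if ca is not None and "key-cert-sign" not in certs.get(ca, set()):
                findings.append(f"sign {target}: ca={ca} lacks key-cert-sign")
            # Assumption: "sign X name=Y" renames certificate X to Y.
            certs[p.get("name", target)] = certs.pop(target)
    return findings

# Constructed sample with deliberate mistakes (not the page's own script).
SAMPLE = """
/certificate
add name=CA common-name=CA days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
add name=server-template common-name=*.example.com key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
add name=client common-name=client key-size=2048 key-usage=tls-client
add name=client1 common-name=client key-size=1024 key-usage=tls-client
sign CA ca-crl-host=108.87.62.201 name=ca-certificate
sign server name=server-certificate ca=ca-certificate
sign client name=client-certificate ca=ca-certificate
sign client1 ca=client-certificate
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```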