I set up an IKE VPN server for road warriors. I actually have this working (YAY!) but took some shortcuts that are leaving me with a working yet not-right/secure setup. My setup is as follows:
My server (DNS name vpn.mydomain.com) contains certs for:
- "mydomain CA" (certificate authority), LT, since I run my own CA
- "vpn-client-group-1", KT, this is the cert the client is connecting with (with key on this end)
- "vpn.mydomain.com", KT, this cert has Alt name DNS:vpn.mydomain.com (and includes key)
My client contains certs for:
- "mydomain CA" (certificate authority), LT, since I run my own CA
- "vpn-client-group-1", KT, for connecting (with key on this end)
There are too many private keys above. Can someone tell me which certs, on which end, actually need the private key? Do I even need the vpn-client-group-1 cert on the server? (why)
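As an added illustration (not part of the question above, and not any particular IKE daemon's own tooling), the script below builds the three certificates described in the post with openssl and keeps each private key only in the directory of the party that generated it: the CA key with the CA, the server key with vpn.mydomain.com, the client key with the client. It then shows that each end can validate the other's certificate using nothing but the CA certificate, which is why no private key ever has to be copied across. The names mydomain CA, vpn.mydomain.com and vpn-client-group-1 come from the post; the directory layout, file names, RSA key size and validity periods are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a minimal PKI for the
# road-warrior IKE setup and verifies it with openssl. Assumed layout:
# three directories standing in for three machines (ca, server, client).
set -eu

WORK="${WORK:-$(mktemp -d)}"

build_pki() {
    mkdir -p "$WORK/ca" "$WORK/server" "$WORK/client"

    # 1. CA (ideally an offline box): self-signed cert. ca.key never leaves here.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -sha256 \
        -subj "/CN=mydomain CA" \
        -keyout "$WORK/ca/ca.key" -out "$WORK/ca/ca.crt" 2>/dev/null

    # 2. Server: key + CSR generated on the server; only the CSR goes to the CA,
    #    which signs it with the SAN DNS:vpn.mydomain.com (as in the post).
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=vpn.mydomain.com" \
        -keyout "$WORK/server/server.key" -out "$WORK/server/server.csr" 2>/dev/null
    printf 'subjectAltName=DNS:vpn.mydomain.com\nextendedKeyUsage=serverAuth\n' \
        > "$WORK/ca/server.ext"
    openssl x509 -req -days 825 -sha256 -CAcreateserial \
        -CA "$WORK/ca/ca.crt" -CAkey "$WORK/ca/ca.key" \
        -in "$WORK/server/server.csr" -out "$WORK/server/server.crt" \
        -extfile "$WORK/ca/server.ext" 2>/dev/null

    # 3. Client: same pattern. client.key stays in the client directory.
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=vpn-client-group-1" \
        -keyout "$WORK/client/client.key" -out "$WORK/client/client.csr" 2>/dev/null
    printf 'extendedKeyUsage=clientAuth\n' > "$WORK/ca/client.ext"
    openssl x509 -req -days 825 -sha256 -CAcreateserial \
        -CA "$WORK/ca/ca.crt" -CAkey "$WORK/ca/ca.key" \
        -in "$WORK/client/client.csr" -out "$WORK/client/client.crt" \
        -extfile "$WORK/ca/client.ext" 2>/dev/null

    # Distribute public material only: the CA *certificate* to both ends.
    cp "$WORK/ca/ca.crt" "$WORK/server/ca.crt"
    cp "$WORK/ca/ca.crt" "$WORK/client/ca.crt"
}

# The server checks a client cert presented during IKE against its CA cert;
# it needs neither the client's cert nor its key stored locally for that.
server_accepts_client() {
    openssl verify -CAfile "$WORK/server/ca.crt" "$WORK/client/client.crt" >/dev/null 2>&1
}

# The client checks the server cert the same way, plus the SAN it dialled.
client_accepts_server() {
    openssl verify -CAfile "$WORK/client/ca.crt" "$WORK/server/server.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$WORK/server/server.crt" -noout -text 2>/dev/null |
        grep -q 'DNS:vpn.mydomain.com'
}

# Number of private keys held by one party; each should hold exactly its own.
key_count() {
    ls "$WORK/$1"/*.key 2>/dev/null | wc -l | tr -d ' '
}

# Usage: run the file; it lists what each party ends up holding.
build_pki
for end in ca server client; do
    printf '%s: %s\n' "$end" "$(ls "$WORK/$end" | tr '\n' ' ')"
done
```

The verification functions use only `ca.crt`, which is what matters for the question of where keys belong: a certificate is public, a private key is not, and the IKE authentication exchange only ever requires each side to sign with its own key and to validate the peer's certificate chain.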