Configuration: Web Server
About the Page
Configuration: Web Server Configuration provides you with general information about the SSL web server certificates and keys; the ability to upload CA bundle files, certificates, and keys; and the ability to validate selected certificates and keys.
Web Server Configuration page.
Server Certificate Information
This first section details the information about the SSL web certification and the key as seen in the screenshot linked below. You may have noticed when you started using the OpenVPN Access Server product, you encountered warnings about your browser not trusting the Admin Web UI's security certificate. When you have setup Access Server with a verified and trusted SSL certificate, you will no longer receive these messages, and you will know that the connection with the server is guaranteed with a properly signed certificate.
In order to set this up, you'll need to use a Fully Qualified Domain Name (FQDN). This cannot be done if you are using an IP address to connect to Access Server. Please refer to the following link for more information: Installing a valid SSL Web certificate in Access Server.
Validation Results section.
Adding a Certification Bundle
This section is where you upload your commercial SSL web certificate bundle. If possible, it is recommended to provide a valid web cert from a root authority to avoid the warnings associated with a self-signed certificate. Read Installing a valid SSL Web certificate in Access Server for more detailed information.
Add Certification sections.
To upload and validate your own certificate, 3 items are needed:
- Signed certificate from your certificate authority
- CA bundle, or intermediary files from your certificate authority
- Private key that was created when making the certificate signing request
The certification file format should be Apache compatible format which can also be referred to as X509/Base64 or PEM/CER format. If you have received files in .p12 or .pfx format, then those are of a type that are suitable for Windows platforms but not for the Linux OpenVPN Access Server product. It is however possible to convert the certificates to the required format using the DigiCert Certificate Utility.
Once the CA bundle, certificate and private key are uploaded, you will be able to use the Validate button to check if the certification bundle is valid. There is also a Revert option that will revert the web server back to the previously saved certificate if any errors are present.
Configuration: Web Server Configuration allows you to configure the certification settings of your Access Server. You can view information about the certification bundle, upload your own certification, and revert the certification to the previous certification.