OpenVPN ca.key stored ?

Discussion in 'Asuswrt-Merlin' started by Rooby, Aug 12, 2017.

  1. Rooby

    Rooby Occasional Visitor

    Joined:
    May 2, 2013
    Messages:
    41
    Hello

    I just looked at the /jffs/openvpn/ folder and I found a vpn_crt_server1_ca_key file.
    I also found ca.key on /etc/openvpn/server1/
    But ca.key should never be stored on the router, only the ca.crt.

    Also there is a vpn_crt_server_client_crt and vpn_crt_server_client_key file. But I have not enabled any OpenVPN client on the router.

    Are these files filled with random values? Are they somehow used?

    Rooby
     
  2. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    24,884
    Location:
    Canada
    If you let the router automatically generate a CA for you, then it will need to generate a key before it can generate the self-signed CA (which will be used to sign the server certificate).

    I assume Asus preserve these files because, since they are auto-generated, they can't be stored anywhere else without user intervention, and the user might need them if he were to expand the default configuration into one involving client certificates.

    If you need to tighten security, then my recommendation would be to not rely on the auto-generated files, and generate everything yourself using Easy-RSA or otherwise. Then you can keep only what is really necessary on your router, and move the rest elsewhere.
     
  3. Rooby

    Rooby Occasional Visitor

    Joined:
    May 2, 2013
    Messages:
    41
    Thanks RMerlin.
    I do my keys anyway by myself. So you mean I can delete the ones which are not used?
     
  4. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    24,884
    Location:
    Canada
    Yes, tho they shouldn't have any impact anyway if they aren't used.
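
An added example, not part of the thread and not Asuswrt-Merlin's own code: a POSIX shell check that lists which files in the two directories named above really contain a PEM private key (empty files are skipped) and labels the CA and client keys, which a running OpenVPN server does not read. The role labels and the name patterns are assumptions built from the file names quoted in the thread.

```shell
#!/bin/sh
# Added example: report PEM private keys stored in OpenVPN directories and
# label the ones a running server does not need (CA key, client key).

# has_private_key FILE: true only if FILE contains a PEM private-key header
# (PKCS#8, RSA, EC or ENCRYPTED), so empty or non-key files are ignored.
has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" 2>/dev/null
}

# key_role FILE: classify by file name. Patterns cover the names quoted in
# the thread (ca.key, vpn_crt_server1_ca_key, vpn_crt_server_client_key);
# any other file holding a private key is reported as "other-key"
# (for example the server's own key, which has to stay on the router).
key_role() {
    case "$(basename "$1")" in
        ca.key|*_ca_key) echo "ca-key" ;;      # signs certificates only
        *_client_key)    echo "client-key" ;;  # belongs on the client
        *)               echo "other-key" ;;
    esac
}

# audit_openvpn_keys DIR...: print "<role><TAB><path>" for every regular
# file directly inside each DIR that contains a private key.
audit_openvpn_keys() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            has_private_key "$f" || continue
            printf '%s\t%s\n' "$(key_role "$f")" "$f"
        done
    done
}

# Directories mentioned in the thread; prints nothing where they do not exist.
audit_openvpn_keys /jffs/openvpn /etc/openvpn/server1
```

Any `ca-key` line means the CA private key is present on the router; with a CA generated elsewhere (Easy-RSA, as suggested above), only `other-key` entries for keys the server actually uses should remain.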
     
