Difference between revisions of "Mikrotik: Certificate Generate"
Onnowpurbo (talk | contribs) (→Print) |
Onnowpurbo (talk | contribs) |
||
Line 60: | Line 60: | ||
Referensi: https://labkom.co.id/mikrotik/membuat-openvpn-di-mikrotik-dengan-client-windows | Referensi: https://labkom.co.id/mikrotik/membuat-openvpn-di-mikrotik-dengan-client-windows | ||
+ | |||
+ | dev tun | ||
+ | proto tcp-client | ||
+ | remote (IP Public OpenVPN Mikrotik) 1194 | ||
+ | ca cert_export_CA.crt | ||
+ | cert cert_export_sopyan.crt | ||
+ | key cert_export_sopyan.key | ||
+ | tls-client | ||
+ | port 1194 | ||
+ | persist-tun | ||
+ | persist-key | ||
+ | mute-replay-warnings | ||
+ | verb 3 | ||
+ | cipher AES-256-CBC | ||
+ | auth SHA1 | ||
+ | pull | ||
+ | auth-user-pass secret | ||
+ | route 172.17.0.1 255.255.255.0 172.31.31.1 | ||
+ | dhcp-option DOMAIN labkom.co.id |
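Review bot: The ca, cert and key lines in the added profile name cert_export_CA.crt and cert_export_sopyan.crt/.key, but the certificates this page creates and exports are myCa, client1 and client2, so a reader who follows the page top to bottom has no files by those names. Point the three lines at the exported myCa and client1 files, or state that the names are carried over from the linked tutorial. The profile also has no server-identity directive; the server certificate's common-name is "server", so a line such as "verify-x509-name server name" would pin it. "port 1194" repeats the port already given on the remote line, and "auth-user-pass secret" depends on a file named secret that the page never describes.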
Revision as of 15:08, 19 February 2022
Make certificate templates
 /certificate
 add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign
 add name=server-template common-name=server
 add name=client1-template common-name=client1
 add name=client2-template common-name=client2
Sign certificates and add CRL URL
We use the MikroTik's public IP as the CRL URL. This process takes time and must be done one certificate at a time; do not run the commands all at once.
 /certificate
 # sign ca-template ca-crl-host=192.168.88.198 name=myCa
 sign ca-template ca-crl-host=192.168.0.150 name=myCa
 sign server-template ca=myCa name=server
 sign client1-template ca=myCa name=client1
 sign client2-template ca=myCa name=client2
Trust Certificate
 /certificate
 set myCa trusted=yes
 set server trusted=yes
Export Certificate
Export client certificates with keys and CA certificate:
 /certificate export-certificate myCa
 # /certificate export-certificate client1 export-passphrase=xxxxxxxx
 # /certificate export-certificate client2 export-passphrase=xxxxxxxx
 # The passphrase encrypts the exported private key; 123456789 is only an example value, use a long random one.
 /certificate export-certificate client1 export-passphrase=123456789
 /certificate export-certificate client2 export-passphrase=123456789
Use FTP to download the .crt and .key files. From a Linux client:
 ftp ip-mikrotik
 username admin
 mget *
 quit
 [admin@pe0] /certificate> print
 Flags: K - private-key, D - dsa, L - crl, C - smart-card-key,
        A - authority, I - issued, R - revoked, E - expired, T - trusted
  #         NAME     COMMON-NAME  FINGERPRINT
  0 K L A T myCa     myCa         7fa636e6576495fe78f1a4...
  1 K I T   server   server       cf0650a291bf4685f2fbd3...
  2 K I     client1  client1      26233de30e89b203b946ab...
  3 K I     client2  client2      cf172b62201befaf8d8966...
Client UBUNTU
Reference: https://labkom.co.id/mikrotik/membuat-openvpn-di-mikrotik-dengan-client-windows
 dev tun
 proto tcp-client
 remote (IP Public OpenVPN Mikrotik) 1194
 ca cert_export_CA.crt
 cert cert_export_sopyan.crt
 key cert_export_sopyan.key
 tls-client
 port 1194
 persist-tun
 persist-key
 mute-replay-warnings
 verb 3
 cipher AES-256-CBC
 auth SHA1
 pull
 auth-user-pass secret
 route 172.17.0.1 255.255.255.0 172.31.31.1
 dhcp-option DOMAIN labkom.co.id
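A lint pass over the client profile above before first use, as an added example that is not part of the original page: it checks that the files named by ca, cert, key and auth-user-pass exist beside the profile, and flags a legacy auth digest, a missing server-identity directive and a credentials file readable by other users. The function names, the finding labels and the cert_export_<name> file names used in the demo are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original page. Prints one finding per line;
# no output means the profile passed every check.
ovpn_lint() {
    conf=$1
    dir=$(dirname "$conf")

    # 1. Files named by ca/cert/key/auth-user-pass must sit beside the profile
    #    (assumes relative paths without spaces, as in the profile above).
    for f in $(awk '$1 ~ /^(ca|cert|key|auth-user-pass)$/ {print $2}' "$conf"); do
        [ -f "$dir/$f" ] || echo "MISSING-FILE $f"
    done

    # 2. Legacy HMAC digests.
    digest=$(awk '$1 == "auth" {print toupper($2)}' "$conf")
    case $digest in
        SHA1|MD5) echo "WEAK-AUTH $digest" ;;
    esac

    # 3. Without one of these directives the client accepts any certificate
    #    signed by the CA, including another client's, as the server.
    grep -Eq '^[[:space:]]*(verify-x509-name|remote-cert-tls)[[:space:]]' "$conf" ||
        echo "NO-SERVER-IDENTITY-CHECK"

    # 4. The username/password file should be readable by its owner only.
    cred=$(awk '$1 == "auth-user-pass" {print $2}' "$conf")
    if [ -n "$cred" ] && [ -f "$dir/$cred" ]; then
        case $(ls -l "$dir/$cred") in
            -rw-------*|-r--------*) ;;
            *) echo "CRED-FILE-PERMS $cred" ;;
        esac
    fi
    return 0
}

# Constructed demo: the profile's file references, in a directory holding only
# files named after this page's certificates (cert_export_<name> is assumed).
ovpn_lint_demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ca cert_export_CA.crt' 'cert cert_export_sopyan.crt' \
        'key cert_export_sopyan.key' 'auth SHA1' 'auth-user-pass secret' > "$d/client.ovpn"
    touch "$d/cert_export_myCa.crt" "$d/cert_export_client1.crt" "$d/cert_export_client1.key"
    (umask 022; echo 'user' > "$d/secret")
    ovpn_lint "$d/client.ovpn"
    rm -rf "$d"
}
ovpn_lint_demo
```

To check a real profile, source the file and call ovpn_lint with the profile's path.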