By default, OpenVPN Access Server comes with a self-signed certificate to get you up and running. Your browser can’t automatically verify a self-signed certificate. Also, an OpenVPN client program can’t validate the server with that certificate. You see warnings about this in both browsers and VPN clients when connecting or importing connection profiles.
The web browser can automatically verify if you are connecting to the real server using valid signed SSL certificates, and automatically establish trust to the server. Then the web interface no longer displays a warning message about not being able to validate the server’s authenticity.
To set this up, you must first have the following configured:
- A fully qualified domain name (FQDN) that points to the public IP address where your Access Server is reachable from the internet.
- The FQDN is configured in the Admin Web UI in Configuration > Network Settings > Hostname or IP Address.
- Obtain a valid signed SSL certificate from a party that is trusted in your root certificates.
We recommend setting up Access Server with an FQDN. It is required for an SSL certificate to function correctly. And if the IP address of your Access Server ever changes you only need to update the DNS record for all clients to find your server again. If however, you choose to stay with just the IP address you must reinstall all clients if your server ever moves to another public IP address.
Once you have the FQDN set up you can refer to more detailed steps on this page: install an SSL certificate on the Access Server web server.