Does my 1-click OpenVPN droplet need SSL to be secure?

September 10, 2019 75 views
VPN Security

I have a 1-click OpenVPN droplet, but when I go to the admin panel (https://[my-ip]/admin) it’s not using SSL. Does it need SSL to be secure, like if I connect to it from my phone is the traffic encrypted and/or secure? I figured the 1-click droplet should have everything pre-installed and set-up. I have a basic understanding of how VPN’s work but this is something I’m not sure about.

1 Answer
baraboom September 12, 2019
Accepted Answer

Hi,

This connection, https://[my-ip]/admin, will be encrypted - note the “https” at the beginning. The OpenVPN 1-Click option ships with what is known as a “self-signed” SSL certificate which most browsers do not trust. This is why the “page might not be trusted or secure” warning comes up when you try to visit a site with a self-signed cert. The data will still be encrypted, though.

If this was a commerce site or something you’d want to be highly accessible by more than yourself then you’d probably want to take a look at LetsEncrypt and setting up a free, “signed” SSL cert.

If this is just you accessing the admin and you trust that it is your Droplet, then there’s no technical need to change what you have.

Hope this helps, if you have any other questions or feedback please let us know.

Have another answer? Share your knowledge.