[Openvpn-users] How do I choose a specific Server Certificate?

Peter Davis via Openvpn-users Sat, 12 Jul 2025 02:52:26 -0700

Hello,
I used the following commands to generate the Server Certificate:

# cp -r /usr/share/easy-rsa /etc/openvpn/
# cd /etc/openvpn/easy-rsa
# mv vars.example vars


# nano vars

export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="NY"
export KEY_ORG="MyName"
export KEY_EMAIL="ad...@example.com"
export KEY_OU="OpenVPN"

# ./easyrsa init-pki
# ./easyrsa build-ca nopass
# ./easyrsa gen-req server nopass                        
# ./easyrsa sign-req server server
# ./easyrsa gen-dh
# openvpn --genkey secret ta.key

Then I edited the vars file with the new contents and issued the above commands 
to generate the new certificate. Then I created a directory for each 
certificate in the /etc/openvpn directory and moved the following files to the 
corresponding directory:

# cp ta.key /etc/openvpn/DIRECTORY_NAME
# cp pki/ca.crt /etc/openvpn/DIRECTORY_NAME
# cp pki/private/SERVER_NAME.key /etc/openvpn/DIRECTORY_NAME
# cp pki/issued/SERVER_NAME.crt /etc/openvpn/DIRECTORY_NAME
# cp pki/dh.pem /etc/openvpn/DIRECTORY_NAME

Now I want to generate keys for clients using the following commands:

# ./easyrsa gen-req client_name nopass
# ./easyrsa sign-req client client_name


How do I generate my client for a specific certificate?


Thank you.


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

[Openvpn-users] How do I choose a specific Server Certificate?

Reply via email to