Documentation< Previous | Contents | Next >
1.2.3. Client Certificates
The VPN client will also need a certificate to authenticate itself to the server. Usually you create a different certificate for each client. To create the certificate, enter the following in a terminal while being user root:
cd /etc/openvpn/easy-rsa/ source vars
./build-key client1
Copy the following files to the client using a secure method:
• /etc/openvpn/ca.crt
• /etc/openvpn/easy-rsa/keys/client1.crt
• /etc/openvpn/easy-rsa/keys/client1.key
As the client certificates and keys are only required on the client machine, you should remove them from the server.