Mastering OpenVPN by Jan Just Keijser, Eric F Crist

Chapter 3. PKIs and Certificates

OpenVPN primarily uses X.509 certificates for client authentication and VPN traffic encryption, though this support can be disabled. Judging by the mailing list and IRC channel history, the Public Key Infrastructure (PKI) behind X.509 certificates is a difficult concept, and setting it up and maintaining it can be a cumbersome task.

The OpenSSL binary has all the tools required to manage a PKI manually, but the command options are complicated and, if not automated, prone to error. It is recommended that organizations or individuals use a script or other package to manage their PKI. This not only limits errors, but also makes it easier to adhere to rules and other general criteria.

Two open source projects exist that ...
