Certificate authentication

Since the release of OpenVPN 2.x, certificate authentication has been the most prolific deployment of OpenVPN in the wild. The earlier static key only supported two remote endpoints, neither really being a client nor a server. This is not useful when more than a single remote client is desired.

Certificate chain overview

X.509 is a notable standard for Public Key Infrastructure (PKI), defining a hierarchical topology of CAs and their signed child certificates. The general concept is that, at that root of the chain, is an authority certificate, the CA. This CA certificate can be used to sign child certificates. Anyone (or thing, system, and so on) that trusts the root, inherently trusts the child certificates.

CA has the ...

Get Troubleshooting OpenVPN now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Troubleshooting OpenVPN by Eric F Crist

Certificate authentication

Certificate chain overview

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly