Since the release of OpenVPN 2.x, certificate authentication has been the most prolific deployment of OpenVPN in the wild. The earlier static key only supported two remote endpoints, neither really being a client nor a server. This is not useful when more than a single remote client is desired.
Certificate chain overview
X.509 is a notable standard for Public Key Infrastructure (PKI), defining a hierarchical topology of CAs and their signed child certificates. The general concept is that, at that root of the chain, is an authority certificate, the CA. This CA certificate can be used to sign child certificates. Anyone (or thing, system, and so on) that trusts the root, inherently trusts the child certificates.
CA has the ...