posted on June 23rd 2011, at 17:37
by lunarg
Since version 2.0, OpenVPN has the ability to use PKCS12-files as TLS/SSL keys for accessing an OpenVPN server. The advantage of this is that you only have one key file containing the private and public key of the client and the CA certificate.

Creating such a certificate storage file can be done very easily when you already have the individual files, using OpenSSL.

openssl pkcs12 -export -in my-vpn.crt -inkey my-vpn.key -certfile my-ca.crt -out my-vpn.p12

Run the command above, matching the file names to the ones you have. Optionally, you can type in a password to secure the PKCS12 file.

Next, adjust your OpenVPN config: remove all the lines to your certificate and key files and add a s  ...