Client Certificate generation

Scripts to manage certificates or generate config files
Post Reply
Bigjohn
OpenVpn Newbie
Posts: 5
Joined: Thu May 27, 2021 8:15 pm

Client Certificate generation

Post by Bigjohn » Thu May 27, 2021 8:26 pm

Hi everyone.
I'm learning, so please be kind... hard to teach old dogs new tricks.
I setup OpenVPN on my tomato router so that I can reach my house to support the family while traveling. I have one client certificate, and it works fine. FYI I followed this guide: https://learntomato.flashrouters.com/se ... rtificate/

Now I need to get a second client connected, and reading through the instructions I don't see a clearly delineated "create another client" process. Just hoping that someone here might be kind enough to help me learn the exact steps I have to take to get a new laptop to connect using a separate cert. so they can both be used at the same time.

Very many thanks in advance! Here's to learning something new every day!
John

User avatar
TinCanTech
Forum Team
Posts: 9239
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client Certificate generation

Post by TinCanTech » Thu May 27, 2021 8:45 pm

Type: build-key client-bob

You may like to try https://github.com/OpenVPN/easy-rsa

Bigjohn
OpenVpn Newbie
Posts: 5
Joined: Thu May 27, 2021 8:15 pm

Re: Client Certificate generation

Post by Bigjohn » Fri May 28, 2021 1:44 pm

TinCanTech wrote:
Thu May 27, 2021 8:45 pm
Type: build-key client-bob

You may like to try https://github.com/OpenVPN/easy-rsa
So with OpenVPN installed on my first pc - from the instructions on the site in my original post- I did this step, and installed it on the router -
"The ‘build-ca’ command will output two very important files; a CA certificate and key"

So with that installed on the router, and the CA key on my OpenVPN installation, can I just follow the "create client" steps and have a key that will work?? That's what I'm not certain of. all my 'certificate' knowlege to date has been around the creation of stuff for webservers so I can purchase certificates....

Thanks!
John

Bigjohn
OpenVpn Newbie
Posts: 5
Joined: Thu May 27, 2021 8:15 pm

Re: Client Certificate generation

Post by Bigjohn » Wed Jun 02, 2021 7:16 pm

Any help guys? Thanks much in advance...

User avatar
TinCanTech
Forum Team
Posts: 9239
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client Certificate generation

Post by TinCanTech » Wed Jun 02, 2021 7:37 pm

If you need help understanding tomato then ask tomato.

If you need help with easy-rsa then I already gave you the link.

Bigjohn
OpenVpn Newbie
Posts: 5
Joined: Thu May 27, 2021 8:15 pm

Re: Client Certificate generation

Post by Bigjohn » Thu Jun 10, 2021 7:09 pm

Hi TinCanTech!
I think I have the Tomato bits down; I have one client connecting to the router now.
My question is around creating additional certificates that the server will allow to connect.

Thanks!

Bigjohn
OpenVpn Newbie
Posts: 5
Joined: Thu May 27, 2021 8:15 pm

Re: Client Certificate generation

Post by Bigjohn » Wed Jun 16, 2021 12:33 pm

So my question is do I need to install something on the server for each client? or is the CA cert that I installed, and have on my primary PC, used when I run the client create to create a certificate that will automatically be recognized?

User avatar
TinCanTech
Forum Team
Posts: 9239
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client Certificate generation

Post by TinCanTech » Thu Jun 17, 2021 11:18 am


Post Reply