Certs tied to servers?

Scripts to manage certificates or generate config files
Post Reply
OpenVpn Newbie
Posts: 3
Joined: Tue Apr 24, 2012 3:00 am

Certs tied to servers?

Post by lacoursj » Sun Oct 14, 2018 5:30 pm


I am hoping to gain some understanding of the low level process to create the X509 cert used by the client in the client config file. I have always used the easy-rsa scripts to generate certs, which kind of hides what is happening under the covers. Now I am trying to write some python to generate the certs, and in reviewing many examples, I find myself confused.

I thought the server's private key played a role in the client's certificate generation, such that the certificate would allow the client to connect to that particular server and no other. But all the examples I have been reviewing show that the client cert is signed only by the CA private key.

So does that mean that this cert will work with ANY OpenVPN server that used the same CA to sign its own key?

Is there a way to generate a cert that is only useful to one server, and not all of them?


Jeff LaCoursiere

Post Reply