Generating client certificate requests from server

Support forum for Easy-RSA certificate management suite.
Post Reply
OpenVpn Newbie
Posts: 1
Joined: Wed May 16, 2018 1:30 pm

Generating client certificate requests from server

Post by nebbishnathan » Wed May 16, 2018 1:46 pm


I want to generate my client certificate requests from my server, have my standalone CA machine sign the requests, send the keys/certs back to the server, then run the client keys and certs through a configuration file generation script which will add the contents of these files directly to client config files (similar to Step 10 in this guide: ... astructure) and then transfer the config files to the appropriate clients. The reason for this is that I could easily create config files for all my clients without having to install EasyRSA on every one and generating all their requests from separate devices.

My question is whether this process would be insecure and, if so, for what reason? It seems like it could be an easy way to generate multiple client certs/keys, but I'm having trouble finding any other guides that recommend this method.

FWIW, I'm running EasyRSA 3.0.4 on Ubuntu (on both the CA and OpenVPN servers).

Post Reply