multiple instance, different certificate ?

Posted: Wed Jun 22, 2016 7:58 am
by kirua
Hello,
I am trying to build different instances of ovpn but with different certificates. Let me explain: by default, if I have a certificate, it is a certificate for any instance of openvpn, so a user can use any instance just by modifying client.conf. So if I want to secure each network I have to use 1 machine per network.
So my question is: is it possible to configure openvpn to accept a certificate on only one instance?

Thanks to anyone who has an idea on this.

Re: multiple instance, different certificate ?

Posted: Wed Aug 10, 2016 11:16 am
by stevenwilliams
The certificate authority file (ca) can contain multiple certificates. There is an option (capath) that specifies different certificate files. Try to use these on the server, pointing to all the CA certificates you want to modify.

Re: multiple instance, different certificate ?

Posted: Wed Aug 24, 2016 7:13 am
by GlennSam
I understand that you want to set up a new OpenVPN connection in your network with different settings, is that right? You can use the OpenVPN configuration to set its daemon to accept multiple clients with the same certificate. It may be accepted in a small network, but you'll lose some security points.

Re: multiple instance, different certificate ?

Posted: Wed Aug 24, 2016 10:47 am
by TinCanTech
kirua wrote: i try to build different instance of ovpn but with different certificate.
<s>
so my question is: it is possible to configure openvpn to accept a certificate on only one instance ?
To accept only one certificate on your new server use either
  • a new PKI with only one client certificate or
  • a --client-connect script to verify only one client from your existing client pool.
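
The second option above, sketched as an added example that is not part of the original thread: a `--client-connect` hook that lets one instance accept only the certificate Common Names listed in an allowlist. The script name, file paths and sample names are assumptions; `common_name`, `script-security` and the non-zero-exit rejection are standard OpenVPN behaviour.

```shell
#!/bin/sh
# Added example: --client-connect hook for ONE OpenVPN instance.
# OpenVPN exports the authenticated certificate's Common Name as
# $common_name and disconnects the client if this script exits non-zero.
# Server config for this instance (paths are assumptions):
#   script-security 2
#   client-connect /etc/openvpn/netA/allow-cn.sh

# Assumed location: one permitted Common Name per line, '#' starts a comment.
ALLOW_FILE="${ALLOW_FILE:-/etc/openvpn/netA/allowed-cn.txt}"

# cn_allowed CN FILE -> returns 0 if CN equals a line of FILE exactly, else 1.
cn_allowed() {
    cn=$1
    file=$2
    # Fail closed: an empty name or an unreadable allowlist rejects everyone.
    if [ -z "$cn" ] || [ ! -r "$file" ]; then
        return 1
    fi
    # Exact string comparison, so "client-netA" does not match "client-netA-01".
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        if [ "$line" = "$cn" ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# Act as the hook only when OpenVPN has set common_name in the environment.
if [ -n "${common_name:-}" ]; then
    if cn_allowed "$common_name" "$ALLOW_FILE"; then
        exit 0
    fi
    echo "rejecting CN '$common_name': not allowed on this instance" >&2
    exit 1
fi
```

Each instance points at its own allowlist, so a client certificate issued by the shared CA still completes TLS authentication everywhere but is disconnected by every instance that does not list its Common Name.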