App Support.

We're here to help.



Creating Certificates and Keys for your OpenVPN Server

Introduction

A number of the OpenVPN server setup guides require you to generate your own certificates and keys on your client device. Here, we will describe the steps required to generate these credential files.

We have an easy to use tool available called OpenVPN Configuration Generator available for for Mac, Ubuntu and Windows which allow you to generate a server and client configs very quickly.

OpenVPN Configuration Generator

We have made a new tool available for simplifying the process of creating credentials and configurations for your server and Viscosity called the OpenVPN Configuration Generator. To get started download and install the correct version for your operating system from our GitHub page here.

More information on this tool is available here.

When running 'openvpn-generate init', you will see the following option halfway through the process:

Would you like to use anonymous defaults for certificate details? [Y/n]:

Answering Yes to this option sets the Distinguished Name (DN) of the certificate to CN=<Your Server Address>. This may be important to you if anonymity is important as the information on the certificate is not private and could potentially be accessed by anyone. If you wish to fill in the DN information though, for example if you are setting up a server for a company, you can answer No and fill in the details for the server certificates as required.

The OpenVPN Configuration Generator also has extra commands to customise algorithms and curves, for more information on this, run openvpn-generate --help

Mac

To get started, download and extract the tar.gz package from GitHub. This package only contains a single file, openvpn-generate itself.

Next, open up a Terminal window and create a new directory to store your configurations and then change into it, for example:

cd ~

mkdir configs

cd configs

Next, copy openvpn-generate here with Finder, or with the following if you extracted openvpn-generate into your Downloads folder:

cp ~/Downloads/openvpn-generate .

You can also open this folder in Finder using the following:

open .

Ensure openvpn-generate has execute permissions:

chmod +x openvpn-generate

Now we can initialise a new configuration by running the following and following the instructions on screen:

./openvpn-generate init

Once this is finished, a new directory will be created named "server". This contains a ready to go server configuration you can copy to where you will run your OpenVPN server and start up, feel free to make any changes you wish.

Creating new clients is even easier. Run the following and follow the prompts:

./openvpn-generate client

Client configurations can then be found in the "clients" directory as visz files, ready to be imported into Viscosity with a double click, or copied to another PC or Mac. You can generate as many clients as you need, just remember to give each one a unique name.

Linux

To get started, open a Terminal window, or SSH into your server. Download and install the appropriate installer file from GitHub for your distribution.

Next, create a new directory to store your configurations in and then change into it. For example:

cd ~

mkdir configs

cd configs

Next, initialise a new configuration by running the following and following the instructions on screen:

openvpn-generate init

Once this is finished, a new directory will be created named "server". This contains a ready to go server configuration you can copy to where you will run your OpenVPN server and start up, feel free to make any changes you wish.

Creating new clients is even easier. Run the following and follow the prompts:

openvpn-generate client

Client configurations can then be found in the "clients" directory as visz files, ready to be sent to clients which they can import with a double click. You can generate as many clients as you need, just remember to give each one a unique name.

You can also automate the creation of clients. For example, if you have a script that sets up a new user on your network, you can create a new user named "client1" with no input using the following:

openvpn-generate client --name client1

cp clients/client1.visz /copy/to/somewhere/else

Windows

To get started, download and install the correct MSI for your architecture (x86 or x64), then open a command prompt by going to start and searching for "Command Prompt", or using Windows+R and running 'cmd'.

In the new window, create a new directory on your computer and change into it. For example, to create a configs directory in your Documents, run the following from Command Prompt:

cd C:\Users\<your username>\Documents

mkdir configs

cd configs

Next, initialise a new configuration by running the following and following the instructions on screen:

openvpn-generate init

Once this is finished, open up the directory and you will find a folder named "server", which contains a ready to go server configuration you can copy to where you will run your OpenVPN server and start up, feel free to make any changes you wish. To quickly open up this directory from Command Prompt, type the following:

explorer .

Creating new clients is even easier. Run the following and follow the prompts:

openvpn-generate client

Client configurations can then be found in the "clients" directory as visz files, ready to be imported into Viscosity with a double click, or copied to another PC or Mac. You can generate as many clients as you need, just remember to give each one a unique name.