Discussion:
[Openvpn-users] Embedding key/cert/ca into client config
Ryan Whelan
2011-08-09 02:16:56 UTC
Permalink
I swear at some point in the past I saw an openvpn implementation
where the client key, cert and the ca cert were embedded inside the
client config file in text blocks. Much like the <connection>
</connection> block that allows you specify multiple servers. (
http://openvpn.net/index.php/open-source/documentation/manuals/69-openvpn-21.html
)

Looking through all the openvpn documentation and trying all the
google terms I can think of have not produced a single example of
configuring a client with the keys in the config file. Is this
possible?

Thanks
Jan Just Keijser
2011-08-09 08:38:31 UTC
Permalink
Hi Ryan,
Post by Ryan Whelan
I swear at some point in the past I saw an openvpn implementation
where the client key, cert and the ca cert were embedded inside the
client config file in text blocks. Much like the <connection>
</connection> block that allows you specify multiple servers. (
http://openvpn.net/index.php/open-source/documentation/manuals/69-openvpn-21.html
)
Looking through all the openvpn documentation and trying all the
google terms I can think of have not produced a single example of
configuring a client with the keys in the config file. Is this
possible?
use something like

ca [inline]
cert [inline]
key [inline]
tls-auth [inline] 1

<ca>
-----BEGIN CERTIFICATE-----
# insert base64 blob from ca.crt
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
# insert base64 blob from client1.crt
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
# insert base64 blob from client1.key
-----END PRIVATE KEY-----
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
# insert ta.key
-----END OpenVPN Static key V1-----
</tls-auth>


HTH,

JJK

Loading...