Setting Up the Public Key Infrastructure (PKI)

OpenVPN uses X.509 certificates to secure the data. The use of certificates is important because this approach not only provides an encrypted network but also adds authentication and identification checks. However, for certificates to work, we need a service that can distribute and manage them. Many commercial options are available, but I recommend OpenSSL because it's free. OpenSSL is a command-line program, but it has an optional GUI front end called XCA.

Prior to running OpenVPN, you must create several keys in OpenSSL:

  • A certificate authority (CA) root key pair, which will issue and sign all future certificates
  • A certificate for each user/machine that will need to connect to the VPN server

Each certificate has to be signed by the issuing certificate authority; otherwise, the user won't be able to authenticate to the VPN. For more information on using OpenSSL or XCA, see this page on my site.
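The two steps above, written out as OpenSSL commands. This is an added example, not the author's own procedure; the directory layout, the names (`VPN Root CA`, `client1`), the RSA 2048 key size and the certificate lifetimes are assumptions. It also shows the signing rule: a certificate verifies only against the CA that issued it.

```shell
#!/bin/sh
# Added example: a minimal OpenSSL PKI of the kind described above.
# All names, paths, key sizes and lifetimes are illustrative assumptions.

# make_ca DIR CN: create a self-signed CA root key pair (ca.key, ca.crt) in DIR.
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    chmod 600 "$1/ca.key"    # the CA private key signs everything; restrict access
}

# issue_cert DIR NAME: create a key and signing request for one user/machine,
# then sign the request with the CA stored in DIR (writes NAME.key, NAME.crt).
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -out "$1/$2.crt" 2>/dev/null &&
    chmod 600 "$1/$2.key"
}

# check_cert CA_CRT CERT: succeeds only if CERT was signed by the CA in CA_CRT.
check_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# pki_demo: build the VPN CA plus an unrelated CA, issue one client certificate,
# and confirm it is accepted by its own CA and rejected by the other one.
pki_demo() {
    work=$(mktemp -d) || return 1
    make_ca "$work/vpn" "VPN Root CA" &&
    make_ca "$work/other" "Unrelated CA" &&
    issue_cert "$work/vpn" client1 &&
    check_cert "$work/vpn/ca.crt" "$work/vpn/client1.crt" &&
    ! check_cert "$work/other/ca.crt" "$work/vpn/client1.crt"
    rc=$?
    rm -rf "$work"
    return $rc
}

if pki_demo; then
    echo "client1 verifies against the VPN CA only"
else
    echo "PKI check failed" >&2
fi
```

The `-nodes` option leaves the private keys unencrypted so the example runs without prompts; for a real CA key, drop it and set a passphrase.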
