Client Certificate Creation from within Mettle SE
- Go to Tools >> Certificate Authority Manager >> Certificates
- Click on Add New button
- Select Method : Create an Internal Certificate
- Enter A Descriptive Name
- Select Certifying Authority : The CA which created the Server Certificate
- Enter Key Length : 2048 bits
- Certificate Type : User Certificate
- Enter Lifetime
- Enter Country Code
- Enter State or Province
- Enter City
- Enter Organization
- Enter Email Address
- Enter Common Name
- Click Save
Client Certificate creation using a Linux computer
mkdir /etc/openvpn/easy-rsa
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
Edit /etc/openvpn/easy-rsa/keys/vars and make the required entries
source vars
./clean-all
Export the CA cert from the server to /etc/openvpn/easy-rsa/keys/.
./build-key client
To export the certificate to the client machine from Mettle SE
- Go to Tools >> Certificate Authority Manager >> Certificates
- Click on the blue inverted triangle next to the Certificate you wish to export
- Select Export Certificate - to export certificate to the client
- Select Export Cert Key - to export client Certificate key to the client
SSL VPN Client sample configuration file used in a Linux client computer
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
Copy ca.crt, client.crt and client.key to /etc/openvpn/.
Create the client.conf file with the following lines:
client
dev tun
proto udp
remote <VPN Server IP> 1194
resolv-retry infinite
nobind
persist-key
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
status log/openvpn-status.log
comp-lzo
verb 5
Make sure 'client' keyword is present in the file
To start the SSL VPN client on a Linux client computer, type:
/etc/init.d/openvpn start
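A pre-start check for the client.conf described above, as an added example that is not part of the original page or of Mettle SE: it confirms the 'client' keyword, that 'remote' no longer holds the placeholder, that the ca, cert and key files exist, and that client.key is not readable by group or others. It assumes relative paths resolve against the directory holding client.conf, and it also flags a missing remote-cert-tls or ns-cert-type directive, a hardening check the page's sample does not include. The function names and the demo files are constructed for illustration.

```python
import stat
import tempfile
from pathlib import Path

def parse_conf(text):
    """Map each directive to its argument lists, ignoring # and ; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf.setdefault(name, []).append(args)
    return conf

def check_client_conf(path):
    """Return findings for the client.conf at `path`; an empty list means clean."""
    path = Path(path).resolve()  # assumption: relative paths are relative to this file
    conf = parse_conf(path.read_text())
    findings = []
    if "client" not in conf:
        findings.append("missing 'client' keyword")
    remotes = conf.get("remote", [])
    if not remotes or any(not a or a[0].startswith("<") for a in remotes):
        findings.append("'remote' missing or still the <VPN Server IP> placeholder")
    for directive in ("ca", "cert", "key"):
        args = conf.get(directive, [[]])[0]
        target = path.parent / args[0] if args else None
        if target is None or not target.is_file():
            findings.append(f"'{directive}' file not found")
        elif directive == "key" and stat.S_IMODE(target.stat().st_mode) & 0o077:
            findings.append("client.key is accessible to group or others")
    # Added check, not from the page: either directive rejects a non-server peer cert.
    if "remote-cert-tls" not in conf and "ns-cert-type" not in conf:
        findings.append("server certificate type is not verified")
    return findings

def demo():
    """Check a constructed config directory (placeholder files, no real keys)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca.crt", "client.crt", "client.key"):
            Path(d, name).write_text("constructed placeholder\n")
        Path(d, "client.key").chmod(0o644)  # deliberately too open
        conf = Path(d, "client.conf")
        conf.write_text("dev tun\nremote <VPN Server IP> 1194\n"
                        "ca ca.crt\ncert client.crt\nkey client.key\n")
        return check_client_conf(conf)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real client, call check_client_conf("/etc/openvpn/client.conf") and resolve every finding before starting the service.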