SSL VPN Client Certificate Creation

Client Certificate Creation from within Mettle SE
  1. Go to Tools >> Certificate Authority Manager >> Certificates
  2. Click on Add New button
  3. Select Method : Create an Internal Certificate
  4. Enter A Descriptive Name
  5. Select Certifying Authority :  The CA which created the Server Certificate
  6. Enter Key Length : 2048 bits
  7. Certificate Type : User Certificate
  8. Enter Lifetime
  9. Enter Country Code
  10. Enter State or Province
  11. Enter City
  12. Enter Organization
  13. Enter Email Address
  14. Enter Common Name
  15. Click Save

Client Certificate creation using a Linux computer

mkdir /etc/openvpn/easy-rsa
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
edit /etc/openvpn/easy-rsa/vars

make required entries

cd /etc/openvpn/easy-rsa
source vars
./clean-all

Export CA cert from the server to /etc/openvpn/easy-rsa/keys/ (do this after ./clean-all, which empties that directory).

./build-key client

To Export the certificate to the client Machine from Mettle SE
  1. Go to Tools >> Certificate Authority Manager >> Certificates
  2. Click on the blue inverted triangle next to the Certificate you wish to export
  3. Select Export Certificate - to export certificate to the client
  4. Select Export Cert Key - to export client Certificate key to the client

SSL VPN Client sample configuration file used in a Linux client computer

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
Copy ca.crt, client.crt and client.key to /etc/openvpn/.

Create client.conf file with the following lines:

client
dev tun
proto udp
remote <VPN Server IP> 1194
resolv-retry infinite
nobind
persist-key
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
status log/openvpn-status.log
comp-lzo
verb 5

Make sure the 'client' keyword is present in the file.
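
An added check for the client.conf above (example code, not part of the original page or of Mettle SE): it confirms the directives the sample relies on are present and flags three hardening gaps in it. It assumes the server certificate carries the server extended key usage that `remote-cert-tls server` tests for, and that compression can be turned off on the server as well.

```shell
#!/bin/sh
# Added example (not from the original page): lint an OpenVPN client.conf.
# Usage: sh audit_client_conf.sh /etc/openvpn/client.conf

# True if FILE has an uncommented directive NAME (optionally with first arg ARG).
has_directive() {
    awk -v d="$2" -v a="${3:-}" '
        /^[ \t]*[#;]/ { next }
        $1 == d && (a == "" || $2 == a) { found = 1 }
        END { exit !found }' "$1"
}

# Print the first argument of directive NAME in FILE.
directive_arg() {
    awk -v d="$2" '/^[ \t]*[#;]/ { next } $1 == d { print $2; exit }' "$1"
}

# Print one line per finding; return 0 only when there are none.
audit_client_conf() {
    conf=$1; n=0
    for d in client ca cert key; do
        has_directive "$conf" "$d" || { echo "MISSING: $d"; n=$((n + 1)); }
    done
    # Without a server-certificate check, any certificate signed by the CA,
    # including another client's, is accepted as the VPN server.
    if ! has_directive "$conf" remote-cert-tls server &&
       ! has_directive "$conf" ns-cert-type server; then
        echo "WARN: no remote-cert-tls server"; n=$((n + 1))
    fi
    # Compressing before encrypting can leak information about the plaintext.
    if has_directive "$conf" comp-lzo && ! has_directive "$conf" comp-lzo no; then
        echo "WARN: comp-lzo enables compression"; n=$((n + 1))
    fi
    # The private key must not be accessible to group or other users.
    key=$(directive_arg "$conf" key)
    case $key in /*) ;; *) key=$(dirname "$conf")/$key ;; esac
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "WARN: $key is accessible to group/other"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

if [ $# -gt 0 ]; then audit_client_conf "$1"; fi
```

Run against the sample file as written, it reports the missing `remote-cert-tls server` and the `comp-lzo` line; both settings have to agree with the server, so change them on both ends.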

To start the SSL VPN client on a Linux client computer, type:
/etc/init.d/openvpn start