Quick Start Client Only No CA mode

TinCanTech edited this page Dec 13, 2021 · 1 revision

This page describes how a Client can use Easy-TLS to build their own self-signed certificate/key pair and inline file for use with OpenVPN.

Download easytls and easytls-openssl.cnf to a new folder.

Easy-TLS No-CA mode

  • Easy-TLS in No-CA mode does not require an Easy-RSA PKI

Use Easy-TLS in No-CA mode as a Client only

  1. Initialise Easy-TLS in No-CA mode: ./easytls init-tls no-ca

  2. Create your self-signed client X509 certificate: ./easytls self-sign-client alice
    Instead of alice use your own name.

    This will create your public certificate and private key pair:

    • ./pki/easytls/alice.crt
    • ./pki/easytls/alice.key

    This will also generate your unique fingerprint:

    • ./pki/easytls/alice.fpr
      This is the only data which you must share with your Server.

    This will also generate your OpenVPN inline file:

    • ./pki/easytls/alice.inline

You must now contact your Server administrator to get the Server fingerprint.
Then add that fingerprint to your Client inline file.

  1. Add the Server fingerprint to your Client inline file:
    • Open your inline file in a text editor and locate this section:
    <peer-fingerprint>
     * Replace this line with your peer's fingerprint *
    </peer-fingerprint>
    
    • Add the Server fingerprint:
    <peer-fingerprint>
    60:94:4E:25:E8:F3:87:34:23:66:D3:24:0C:92:75:FA:A3:27:56:B8:D9:1D:DB:64:87:21:F5:56:7A:8D:4A:3D
    </peer-fingerprint>
    

You can now use your inline file in an OpenVPN configuration file to connect to your server.
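
The manual edit of the peer-fingerprint section can be scripted so that a mistyped or truncated fingerprint never reaches the inline file. The shell functions below are an added example, not part of Easy-TLS; the function names are hypothetical, and they assume the placeholder text and the 32-byte colon-separated fingerprint form shown above.

```shell
#!/bin/sh
# Added example (not Easy-TLS code). Assumes the inline file still holds the
# placeholder line shown on this page.

# is_sha256_fpr FPR
# Succeeds only for 32 colon-separated hex bytes, the form of the sample above.
is_sha256_fpr() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac   # also rejects embedded newlines
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}$'
}

# set_peer_fpr INLINE_FILE FPR
# Replaces the placeholder inside <peer-fingerprint> with FPR. Fails without
# touching the file if FPR is malformed or no placeholder is found.
set_peer_fpr() {
    inline=$1
    fpr=$2
    if ! is_sha256_fpr "$fpr"; then
        echo "refusing malformed fingerprint: $fpr" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    if awk -v fpr="$fpr" '
        /^[ \t]*<peer-fingerprint>/   { inblk = 1; print; next }
        /^[ \t]*<\/peer-fingerprint>/ { inblk = 0 }
        inblk && /Replace this line with your peer/ { print fpr; done = 1; next }
        { print }
        END { exit !done }
    ' "$inline" > "$tmp"; then
        # Write through the existing file so its mode and owner are preserved.
        cat "$tmp" > "$inline"
        rc=$?
    else
        echo "no placeholder found in $inline" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: set_peer_fpr ./pki/easytls/alice.inline "$server_fpr"
```

Compare the fingerprint with the value the Server administrator gave you before running the function; the format check only catches malformed input, not a wrong but well-formed fingerprint.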