Skip to main content

Tutorial: How to Connect Without a Client Certificate

Abstract

Use a server-locked connection profile to connect to Access Server without a client certificate. This tutorial explains how.

Overview

Access Server typically uses unique client certificates and private keys to secure the OpenVPN connection. Each user-locked, and autologin connection profile downloaded from the Access Server includes a unique public and private key pair to identify the client to the server. However, there are scenarios where you may need to connect without client certificates.

In previous versions of Access Server, disabling client certificates required modifying the no_client_cert parameter in the as.conf file. This method is no longer supported or recommended. Instead, Access Server supports connections without client certificates using a server-locked profile.

By following these steps, you can connect to your Access Server without needing client certificates, simplifying the connection process for certain use cases while maintaining security and functionality.

Tip

Using server-locked profiles provides a streamlined way to manage connections without client certificates, ensuring compatibility and ease of use in scenarios where client certificates are undesirable.

Prerequisites

  • An installed Access Server 2.9.0 or newer installed.

  • A user account.

  • OpenVPN Connect on Windows or macOS.

Step 1: Allow the use of server-locked profiles

  1. Sign in to the Admin Web UI.

  2. Click Configuration > CWS Settings.

  3. Click Show for server-locked profile.

Step 2: Download a server-locked profile

  1. Sign in to the Client Web UI with the user account.

  2. Download a server-locked profile:

    • For Access Server 2.14.0 and newer:

      1. Click Connection Profiles at the top.

      2. Click Add New Profile.

      3. In the modal window, select Server-Locked for Profile type.

      4. Click Save And Download.

    • For Access Server before 2.14:

      • Under "Available Connection Profiles," click the link for Anyone at this server (server-locked profile).

  3. The connection profile file (.ovpn) downloads.

Step 3: Import the server-locked profile to OpenVPN Connect

Once you've downloaded the necessary file, you can import it into OpenVPN Connect using one of three options:

  1. Browse for file.

  2. Drag and drop.

  3. Double-click on .ovpn file.

Browse for file

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Launch OpenVPN Connect.

  4. Tap or click the add icon.

    • The Import Profile screen displays.

  5. Tap or click the File tab.

  6. Tap or click Browse.

    Tip

    On Windows or macOS, you can also drag and drop the .ovpn file here.

  7. Navigate to the .ovpn file and upload.

    • The new profile displays in your app.

Drag and drop (Windows and macOS)

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Launch OpenVPN Connect.

  4. Click the add icon.

    • The Import Profile screen displays.

  5. Click the File tab.

  6. Drag and drop your .ovpn profile to the screen.

    • The Imported Profile screen displays with the profile name, server hostname, and username.

  7. Click Connect to immediately connect, or click the back icon to return to the Profiles screen.

Double-click on .ovpn file (Windows and macOS)

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Double-click on the file.

    • OpenVPN Connect launches and displays the Import .ovpn profile prompt.

  4. Click OK.

    • The Imported Profile screen displays with the profile name, server hostname, and username.

  5. Click Connect to immediately connect, or click the back icon to return to the Profiles screen.

In this section: