Skip to main content

Tutorial: How to Connect Without a Client Certificate

Abstract

Use a server-locked connection profile to connect to Access Server without a client certificate. This tutorial explains how.

Overview

Access Server typically uses unique client certificates and private keys to secure the OpenVPN connection. Each user-locked, and autologin connection profile downloaded from the Access Server includes a unique public and private key pair to identify the client to the server. However, there are scenarios where you may need to connect without client certificates.

In previous versions of Access Server, disabling client certificates required modifying the no_client_cert parameter in the as.conf file. This method is no longer supported or recommended. Instead, Access Server supports connections without client certificates using a server-locked profile.

By following these steps, you can connect to your Access Server without needing client certificates, simplifying the connection process for certain use cases while maintaining security and functionality.

Tip

Using server-locked profiles provides a streamlined way to manage connections without client certificates, ensuring compatibility and ease of use in scenarios where client certificates are undesirable.

Prerequisites

  • An installed Access Server 2.9.0 or newer installed.

  • A user account.

  • OpenVPN Connect on Windows or macOS.

Step 1: Allow the use of server-locked profiles

  1. Sign in to the Admin Web UI.

  2. Click Configuration > CWS Settings.

  3. Click Show for server-locked profile.

Step 2: Download a server-locked profile

  1. Sign in to the Client Web UI with the user account.

  2. Download a server-locked profile:

    • For Access Server 2.14.0 and newer:

      1. Click Connection Profiles at the top.

      2. Click Add New Profile.

      3. In the modal window, select Server-Locked for Profile type.

      4. Click Save And Download.

    • For Access Server before 2.14:

      • Under "Available Connection Profiles," click the link for Anyone at this server (server-locked profile).

    • The connection profile file (.ovpn) downloads.

Step 3: Import the server-locked profile to OpenVPN Connect

Once you've downloaded the necessary file, you can import it into OpenVPN Connect using one of three options:

  1. Browse for file.

  2. Drag and drop.

  3. Double-click on .ovpn file.

Steps

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Launch OpenVPN Connect.

  4. Tap or click to open the Menu.

  5. Tap or click My Profiles.

  6. Tap or click the add icon.

    • The Import Profile screen displays.

  7. Tap or click the Upload File button.

  8. Navigate to the .ovpn file and upload.

    • The Import Profile confirmation dialog appears.

  9. Tap or click OK.

    • The new profile will appear in your app and become the main profile.

Drag and drop (Windows and macOS)

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Launch OpenVPN Connect.

  4. Drag and drop your .ovpn profile to any screen in the app

    • The Import Profile confirmation dialog displays.

  5. Tap or click OK.

    • The new profile will appear in your app and become the main profile.

Double-click on .ovpn file (Windows and macOS)

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Double-click on the file.

    • The Import Profile confirmation dialog appears.

  4. Click OK.

    • The new profile will appear in yoiur app and become the main profile.

In this section: