Skip to main content

Tutorial: How to Connect Without a Client Certificate

Abstract

Use a server-locked connection profile to connect to Access Server without a client certificate. This tutorial explains how.

Overview

Access Server typically uses unique client certificates and private keys to secure the OpenVPN connection. Each user-locked, and autologin connection profile downloaded from the Access Server includes a unique public and private key pair to identify the client to the server. However, there are scenarios where you may need to connect without client certificates.

By following these steps, you can connect to your Access Server without needing client certificates, simplifying the connection process for certain use cases while maintaining security and functionality.

Tip

Using server-locked profiles provides a streamlined way to manage connections without client certificates, ensuring compatibility and ease of use in scenarios where client certificates are undesirable.

Prerequisites

  • An installed Access Server.

  • A user account.

  • OpenVPN Connect on Windows or macOS.

Step 1: Allow the use of server-locked profiles

  1. Sign in to the Admin Web UI.

  2. Click VPN Server.

    • The Network Settings tab displays.

  3. Click the Security / Encryption tab.

  4. Under OpenVPN client certificate requirements, set it to On to Allow VPN connections without client certificates (server-locked v2).

  5. Click Save and Restart.

Step 2: Show server-locked profiles on the Client Web UI

  1. Click Web Services.

    • The Admin Web Server tab displays.

  2. Click the Client Web Server tab.

  3. Under Client Web UI settings, check Server-locked profiles for Profile availability.

  4. Click Save and Restart.

Step 3: Download a server-locked profile

  1. Sign in to the Client Web UI with the user account.

  2. Click the Connection Profiles tab.

  3. Click Add New Profile.

  4. Select Server-locked for Profile type.

  5. Click Save and Download.

    • The connection profile file (.ovpn) downloads.

Step 4: Import the server-locked profile to OpenVPN Connect

Once you've downloaded the necessary file, you can import it into OpenVPN Connect using one of three options:

  1. Browse for file.

  2. Drag and drop.

  3. Double-click on .ovpn file.

Steps

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Launch OpenVPN Connect.

  4. Tap or click to open the Menu.

  5. Tap or click My Profiles.

  6. Tap or click the add icon.

    • The Import Profile screen displays.

  7. Tap or click the Upload File button.

  8. Navigate to the .ovpn file and upload.

    • The Import Profile confirmation dialog appears.

  9. Tap or click OK.

    • The new profile will appear in your app and become the main profile.

Drag and drop (Windows and macOS)

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Launch OpenVPN Connect.

  4. Drag and drop your .ovpn profile to any screen in the app

    • The Import Profile confirmation dialog displays.

  5. Tap or click OK.

    • The new profile will appear in your app and become the main profile.

Double-click on .ovpn file (Windows and macOS)

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Double-click on the file.

    • The Import Profile confirmation dialog appears.

  4. Click OK.

    • The new profile will appear in yoiur app and become the main profile.

In this section:

Access Server's web server used by the administrator to configure the VPN server.

Access Server's web server used by clients to download OpenVPN Connect and configuration profiles.