Skip to main content

Tutorial: How to Connect Without a Client Certificate

Abstract

Use a server-locked connection profile to connect to Access Server without a client certificate. This tutorial explains how.

Overview

Access Server typically uses unique client certificates and private keys to secure the OpenVPN connection. Each user-locked, and autologin connection profile downloaded from the Access Server includes a unique public and private key pair to identify the client to the server. However, there are scenarios where you may need to connect without client certificates.

By following these steps, you can connect to your Access Server without needing client certificates, simplifying the connection process for certain use cases while maintaining security and functionality.

Tip

Using server-locked profiles provides a streamlined way to manage connections without client certificates, ensuring compatibility and ease of use in scenarios where client certificates are undesirable.

Prerequisites

  • An installed Access Server.

  • A user account.

  • OpenVPN Connect on Windows or macOS.

Step 1: Allow the use of server-locked profiles

  1. Sign in to the Admin Web UI.

  2. Click VPN Server.

    • The Network Settings tab displays.

  3. Click the Security / Encryption tab.

  4. Under OpenVPN client certificate requirements, set it to On to Allow VPN connections without client certificates (server-locked v2).

  5. Click Save and Restart.

Step 2: Show server-locked profiles on the Client Web UI

  1. Click Web Services.

    • The Admin Web Server tab displays.

  2. Click the Client Web Server tab.

  3. Under Client Web UI settings, check Server-locked profiles for Profile availability.

  4. Click Save and Restart.

Step 3: Download a server-locked profile

  1. Sign in to the Client Web UI with the user account.

  2. Click the Connection Profiles tab.

  3. Click Add New Profile.

  4. Select Server-locked for Profile type.

  5. Click Save and Download.

    • The connection profile file (.ovpn) downloads.

Step 4: Import the server-locked profile to OpenVPN Connect

Once you've downloaded the necessary file, you can import it into OpenVPN Connect using one of three options:

  1. Browse for file.

  2. Drag and drop.

  3. Double-click on .ovpn file.

Browse for file

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Launch OpenVPN Connect.

  4. Tap or click the add icon.

    • The Import Profile screen displays.

  5. Tap or click the File tab.

  6. Tap or click Browse.

    Tip

    On Windows or macOS, you can also drag and drop the .ovpn file here.

  7. Navigate to the .ovpn file and upload.

    • The new profile displays in your app.

Drag and drop (Windows and macOS)

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Launch OpenVPN Connect.

  4. Click the add icon.

    • The Import Profile screen displays.

  5. Click the File tab.

  6. Drag and drop your .ovpn profile to the screen.

    • The Imported Profile screen displays with the profile name, server hostname, and username.

  7. Click Connect to immediately connect, or click the back icon to return to the Profiles screen.

Double-click on .ovpn file (Windows and macOS)

  1. Obtain the .ovpn file from the VPN server or provider.

  2. Save it to a location on your device.

  3. Double-click on the file.

    • OpenVPN Connect launches and displays the Import .ovpn profile prompt.

  4. Click OK.

    • The Imported Profile screen displays with the profile name, server hostname, and username.

  5. Click Connect to immediately connect, or click the back icon to return to the Profiles screen.

In this section:

Access Server's web server used by the administrator to configure the VPN server.

Access Server's web server used by clients to download OpenVPN Connect and configuration profiles.