HOWTO Administration

How to extract the CA, CERT, and KEY from OpenVPN-AS Certificates

Some UTM's and VOIP systems require a user to supply a CA, CERT and KEY, since we have bundeled all of these into one file you will need to run the following commands to extract them:


We package the certs/keys along with the client config to reduce the configuration to one file. However, using the CLI Get5 method, it is possible to get a configuration with separated files:

(./sacli can be found in this directory: /usr/local/openvpn_as/scripts)


ADMIN -- OpenVPN admin user

COMMON_NAME -- same as username, except for autologin profiles, append "_AUTOLOGIN" to the common name.

OUTPUT_DIRECTORY -- the 5 output files that comprise the separated config will be written here (ca.crt client.crt client.key client.ovpn, and ta.key).