Is manual OpenVPN PKI no longer possible on v2.0?



  • Hi everyone,

    I see I am forced to use the built-in Certificate Manager when trying OpenVPN. On v1.2.3, I could simply copy and paste my dh1024 parameter and server certificate and keys directly for PKI when creating an OpenVPN server. But version 2.0 doesn't even have PKI in the list of options.

    Why is it removed? The wizard process is very complicated as it stands.

    If it's still possible to copy and paste my own configs, please guide me to it as I can't find it.

    Regards



  • I am wondering this too…


  • Rebel Alliance Developer Netgate

    Just import your certificates into the cert manager and choose them when making the OpenVPN server or client.

    You do not need to add/import DH parameters. See http://doc.pfsense.org/index.php/Importing_OpenVPN_DH_Parameters

    PKI is still there, it's just labeled differently. SSL/TLS == PKI. Just don't check the box for TLS, and it's the same mode that was there before.



  • Thanks for the reply, but my friend, I am totally lost. I don't know why someone changes the names, as it has thrown me off big time, and I am sure others as well...

    So, in the old version, here is what I have to input to get a server running:

    CA certificate
    Server certificate
    Server key
    DH parameters

    Where exactly are these in the new 2.0 version? They are not labeled properly in the Certificate Manager, so can you match them one by one and let me know, please?

    Also, for the client in the old version I needed these, which I can't relate to anything in the new 2.0 version. Can you tell me where they should go in the new 2.0?
    CA certificate
    Client certificate
    Client key

    In 2.0 I see:
    Peer Certificate Authority and Client Certificate and TLS Authentication - all of which are new to me.

    Thanks


  • Rebel Alliance Developer Netgate

    CA/Certs are all handled under System > Certificate Manager.
    Import your CA and Server Cert/Keys there.

    You do not need to import DH parameters.

