Create Client Cert Ubiquiti

Instead of using the CA.pl script, it’s easier to create the certificates by hand.

Create CA then server key:

sudo -s
openssl req -new -keyout server.key -out server.csr -subj "/C=FR/ST=Paris/CN=vpn.example.org"
openssl x509 -days 1095 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt 
mv server.crt /config/auth/server.crt
mv server.key /config/auth/server.key

You can create clients the same way

openssl req -nodes -new -keyout client1.key -out client1.csr 
openssl x509 -days 1095 -req -in client.csr  -CA cacert.pem -CAkey ca.key -CAcreateserial -out client1.crt
openssl rsa -in client1.key -out client1.key
mv client1.key /config/auth/client1.key
mv client1.crt /config/auth/client1.crt

Rince and repeat for more clients. 1095 will give you 3-years VPN credentials.

References: https://help.ui.com/hc/en-us/articles/115015971688-EdgeRouter-OpenVPN-Server

slurdge•org

bitcrafting laboratory

Create Client Cert Ubiquiti

Contact