2. CA and Certificate Generation
OpenVPN secures its connections with certificates and keys, which you must generate before configuring the server. Use the Easy-RSA tool to create them.
2.1. Initializing PKI and Creating CA
cd /etc/openvpn/easy-rsa/ # Move to Easy-RSA directory
sudo ./easyrsa init-pki # Initialize PKI environment
sudo ./easyrsa build-ca nopass # Create CA certificate and key (nopass: the CA key is stored without a passphrase)
2.2. Generating Server and Client Certificates
sudo ./easyrsa gen-req server nopass # Generate server request and key
sudo ./easyrsa sign-req server server # Sign server certificate
sudo ./easyrsa gen-dh # Generate Diffie-Hellman parameters
sudo ./easyrsa gen-req client1 nopass # Generate client request and key
sudo ./easyrsa sign-req client client1 # Sign client certificate
2.3. Copying Generated Certificates
# The PKI was created with sudo, so pki/private is readable by root only; copy with sudo as well
sudo cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/ # Copy CA cert
sudo cp /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn/ # Copy server cert
sudo cp /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn/ # Copy server key
sudo cp /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/ # Copy DH file
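A check worth running after the copy step, as an added example that is not part of the original guide: it confirms that server.crt chains to ca.crt, that server.key belongs to server.crt, and that the key is not readable by group or others. The function names are illustrative, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: post-copy checks for the files placed in /etc/openvpn.
# Function names are illustrative; requires the openssl CLI.

# Succeeds if the certificate ($2) verifies against the CA certificate ($1).
cert_signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the private key ($2) belongs to the certificate ($1),
# by comparing the public key extracted from each.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the file has no group or other permission bits set
# (characters 5-10 of the ls mode string, e.g. -rw-------).
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs all three checks against a directory (default: /etc/openvpn).
# Prints one line per failure and returns the number of failed checks.
check_openvpn_pki() {
    dir=${1:-/etc/openvpn}
    failed=0
    cert_signed_by_ca "$dir/ca.crt" "$dir/server.crt" \
        || { echo "FAIL: server.crt does not verify against ca.crt"; failed=$((failed + 1)); }
    key_matches_cert "$dir/server.crt" "$dir/server.key" \
        || { echo "FAIL: server.key does not match server.crt"; failed=$((failed + 1)); }
    key_is_private "$dir/server.key" \
        || { echo "FAIL: server.key is accessible to group or others"; failed=$((failed + 1)); }
    [ "$failed" -eq 0 ] && echo "OK: CA chain, key pair and key permissions verified"
    return "$failed"
}

# Usage (as root, because server.key is root-only): check_openvpn_pki /etc/openvpn
```

If the permission check fails, `sudo chmod 600 /etc/openvpn/server.key` restores owner-only access.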