Kevin's Table of OpenVPN Keys, Certificates, and Authorities

Kevin's Big List o' Files

Sometimes I run OpenVPN on a Linux server. Sometimes I run OpenVPN on a consumer-grade router with a built-in OpenVPN. Just to be "helpful", they don't use identical terminology. Here's where I keep it straight.

You’re going to need a bunch of files with certificates.  You’ll give some of these to the server, some to the clients, and some you’ll keep secretly filed away. (See also this .)

File Name

Merlin’s Name

Needed By

Purpose

Secret

config.ovpn

(settings from checkboxes, textboxes, etc.)

server

configuration options

No

ca.crt

Certificate Authority

server + clients

CA Root Certificate

No

ca.key

n.a.

key signing machine only

Root CA private key

Yes

dh{n}.pem

Diffie Hellman parameters

server

Diffie Hellman parameters

No

server.crt

Server Certificate

server

Server Certificate

No

server.key

Server Key

server

Server Key

Yes

user-{n}.crt

n.a.

user-{n}

Client Certificate

No

client{n}.key

n.a.

client{n}

Client Key

Yes

ta.key (static.key)

Static Key

server + clients

Extra, optional security for connecting

Yes

crl.pem

Certificate Revocation List

server

Blacklisting of certificates

No

?

Extra Chain Certificates

?

Merlin has this field. I don't know what it's for.

No

.csr files

(not referenced)

key generation machine

Intermediate files for building certificates

No

Details of files:

  • ca.crt

    • All of your keys/certificates will be signed by a root certificate authority (CA). This is the certificate of your CA. You can act as your own CA or you can use a commercial CA. This document assumes you act as your own CA. Any (non-revoked) client certificate signed by this CA will be able to login to your VPN, so you may want a unique CA certificate for your VPN.

  • ca.key

    • This is the private key of your CA. You need it on you key generation machine. You do not need it on your VPN server.

  • dh{n}.pem, dh.pem

    • The Diffie Hellman algorithm generates a unique *session* key via a well-known algorithm. This is a seed for that algorithm. It allows you to "create an encryption key with someone, and then start encrypting your traffic with that key. And even if the traffic is recorded and later analyzed, there's absolutely no way to figure out what the key was.” Contrary to my expectation, you don’t have to keep this secret because parts of the DH exchange are random values. Sometimes this file is named dh2048.pem (or dh4096.pem); sometimes it is named dh.pem.

  • server.crt

    • This identifies your VPN server and contains its public key. Merlin names it server.crt. I generate two server certificates: server-raspi.crt and server-router.crt

  • server.key

    • This is your VPN server’s private key. Merlin names it server.key. I generate two server certificates: server-raspi.key and server-router.key

  • user-{n}.crt, user-pass-{n}

    • This identifies your client and contains its public key. There is one per client. Some of these are named user-pass-{n}. Those users have passworded keys.

  • user-{n}.key, user-pass-{n}

    • This is your client’s private key. There is one per client. Some of these are named user-pass-{n}. Those users have passworded keys.

  • ta.key (static.key)

    • Used for "Extra HMAC authorization” (Merlin’s name) or the “tls-auth” configuration line in OpenVPN.  This is an optional, *extra* key, used to authenticate the TLS handshake.  When your client makes its initial connection to the server, this information gets passed.  If the client doesn’t pass it, the server doesn’t respond, protecting against some attacks. OpenVPN has 2 authentication modes.  “Static Key” and “TLS”. Merlin overloads this field and uses it for BOTH methods’ static key. Merlin calls it "static.key". In my Linux config, I name it "ta.key". With Merlin, you must set “TLS control channel security” = 0, or this file won't be created.

  • crl.pem

    • Used to revoke or blacklist certificates. You revoke a certificate when someone loses the laptop/phone with that certificate. Or maybe you revoke your ex-spouse's certificate when the divorce is final. ;-)

  • .csr files

    • In order to create a certificate, you collect some data and get it signed by your Certificate Authority. The .csr files are input to the CA signing. The signed .crt files are the output. Once you have the .crt, you don't need the .csr.

I hope that helps to keep everything straight. It can be confusing!