How to configure Windows OpenVPN client with certificate authentication

Applies to Platform: Windows
Updated on: October 7th, 2019


This lessons illustrates how to configure Windows OpenVPN client to use certificate authentication.


PC with Windows OS.

Internet connectivity to download openvpn community package.

Admin privileges to install openvpn comunity package.

Client Installation

Download openvpn community from and install it.
During setup choose all components and type in destination folder c:\openvpn.
If during the installation appears a warning or error about installing an unsigned driver,don't worry and choose install.


In your openvpn config folder c:\openvpn\config create a folder like ACME-vpn. After go to c:\openvpn\config\ACME-vpn and create a client configuration file called e.g., ACME-vpn.ovpn and insert the text below:

dev tap                             
proto udp            #only if you use udp protocol
remote REDIP 1194  #1194 only if your vpn server's port is the default port     
resolv-retry infinite
pkcs12 John.p12      #this is the p12 client certificate
#auth-user-pass      #uncomment this row if you want to use two factor authentication
verb 3
ns-cert-type server

Replace REDIP above with the public RED IP of the Endian Appliance.

To create John.p12 client certificate, please follow this guide, then copy .p12 file into c:\openvpn\config\ACME-vpn.

Now right click on the openvpn tray icon and click connect.


If you want to generate the certificates using an external host, please follow this guide.


If you use a two-factor authentication a window asks your credential of your VPN user created on Endian UTM Appliance,  if there is no error a openvpn tray icon become green. If something goes wrong check if you are able to connect to OpenVPN server Port, default is <REDIP>:1194 with udp protocol.
Have more questions? Submit a request