How to configure Endian UTM Appliance to use OpenVPN certificate authentication

Version 5.0

Applies to Platform: UTM 5.0


This lesson illustrates how to configure your Endian UTM Appliance to use OpenVPN certificate authentication. The guide will show you how to create a new VPN user and related certificate, and how to setup OpenVPN server to use certificate authentication.


PC with web access to Endian UTM Appliance.

VPN user and certificate creation steps

1. Go to VPN > Authentication > Add new local user.

2. The only mandatory information here are the username and the password, which will be the ones that will be asked in case of PSK authentication. This is not our case as we will use X.509 certificate to authenticate, so we will proceed by setting Generate a new certificate for Certificate Configuration and by filling (it is not mandatory) all the next fields with the information related to the user that will use such certificate to connect to OpenVPN server. To finish the user creation, click on Add.

3. Once created the VPN user and certificate, go to VPN > Certificates to see the certification list, where you should see the certificate just generated. Click on Download PKCS12 file (in the image below, it is highlighted by a red square) to download the certificate bundle, useful for the OpenVPN client that wants to connect to Endian UTM appliance OpenVPN server.

OpenVPN server configuration steps

1. Go to VPN > OpenVPN server, and select X.509 certificate as Authentication type.

2. Click on Save.


If you want to use a two-factor authentication choose X.509 certificate & PSK (two factor).

3. Click on Apply to apply the new configuration.

Have more questions? Submit a request