OpenVPN provides tools to prepare certificates and other items for authentication and encryption purposes. Certificates are required, in particular, to ensure the security of the communication channel between the on-premises server and the cloud server. The certificate management tools are in the folder %ProgramFiles%\OpenVPN\easy-rsa.

On the cloud computer, open a command prompt as an administrator, and enter the following commands to configure the initial values for the certificate management tools:

These commands create the vars.bat file in the easy-rsa folder with the initial values for building certificates. Open the vars.bat file in Notepad to view or change those values. In this file, you could set the values for the certificate fields, such as KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, etc. These values are used by default, and can be changed when building a certificate.

Enter the following commands to create the Certification Authority (CA) certificate:

When asked for input, accept or change the default values apart from the Name and Common name fields. In these fields, enter the ca value:

Next, build a certificate and a private key for the OpenVPN server. Enter the following command at the command prompt:

When asked for input, accept or change the default values apart from the Name and Common name fields. In these fields, enter the server value:

To complete the setup of encryption, prepare the Diffie Hellman parameters. Enter the following command at the command prompt:

As a result of these commands, the following files will appear in the easy-rsa\keys folder: ca.crt, server.crt, server.key, dh2048.pem.