In the OpenVPN Access Server version 2.9 release, we added the ability to support multiple CA certificates. Version 2.9 and newer provides a CA Management section in the Admin Web UI where you can view your current CA certificates and generate new ones.
The CA Management tab displays all of the CAs on your Access Server where you can set when a CA Expires. You can also see the other details that you can set below:
- Type: Whether it’s the current or a previous CA. There must always be one current CA.
- Certificate CN: The name of the certificate. The CA issued when you launch your Access Server is named “OpenVPN CA”. When you create new CAs, you can define their names.
- Algorithm: The signing algorithm for the keys.
- Expires: The time remaining until each CA expires.
- User Profiles: The number of profiles associated with each CA.
- Actions: Click View Profiles to view the profiles for the selected CA in the User Profile section of the Admin Web UI. Click Delete to delete the CA and any associated user profiles.
You can find the details here: CA Management
You may also check this article for more details: CA Certificate Management
Access Server Resources:
OpenVPN Access Server Documentation
OpenVPN Access Server Resource Center
OpenVPN Access Server Admin Manual