1. Choose a Common Name (CN)

2. Choose a signing Algorithm

3. Finalize

Note: This will do a service-level Access Server Restart


Key signing choices

RSA
Best Compatibility

Works with every OpenVPN client.

Suite B Curves
Good Compatibility

Access Server recommends secp384r1 as it is compatible with almost all OpenVPN clients.

Ed25519, Ed448
Limited Compatibility

Compatible only with OpenVPN Connect 3.2+ and OpenVPN clients that use OpenSSL 1.1.1+.

Other Curves
Not Recommended

Support is generally much weaker and may require special setup for the client. Using these curves will also disable TLS 1.3.