Create Certificates
Open up the Certificates window by going to /System -> Certificates. Hit the + to add a new certificate
Create Certificate Authority Certificate
First we are going to create a Certificate Authority template
![](https://www.incredigeek.com/home/wp-content/uploads/2020/02/image-2.png)
Specify the key usage to “crl sign” and “key cert. sign” and apply
![](https://www.incredigeek.com/home/wp-content/uploads/2020/02/image-3.png)
Setup Server Certificate
Now we are going to create a server template
![](https://www.incredigeek.com/home/wp-content/uploads/2020/02/image-6.png)
We need to specify “Digital signature, key encipherment, and tls server” You may need to enable/disable more depending on your use case scenario. In this case we are setting it up for OpenVPN.
![](https://www.incredigeek.com/home/wp-content/uploads/2020/02/image-10.png)
Sign Templates
First we need to sign the ca-template by opening up the the Certificate and hitting Sign on the right hand side. Should get the little Sign window pop up.
![](https://www.incredigeek.com/home/wp-content/uploads/2020/02/image-8.png)
Progress will show done when it is finished signing.
Next we need to sign the server-template. When Signing the server template, specify the ca-template in the CA: field. See below
![](https://www.incredigeek.com/home/wp-content/uploads/2020/02/image-9.png)