In this paper we will use XCA to configure the OpenVPN PKI part as an alternative to OpenVPN's easy-rsa.
With XCA you can create a CA, sign server and client certificates, revoke server or client certificates, create a CRL or generate DH parameters; all from a GUI.
So you can view and manage with ease your OpenVPN PKI.
The certificates and their corresponding private keys are stored in a database, database that you can put it into a safe place and access when needed.
Read more...