An OpenVPN profile generator with valid client certificate and the private key never leaves the client workstation.

• Client browser logs in with their IPA creds + OTP.
• Browser generates key pair and CSR (all stored in session storage)
• Node requests certificate for user from IPA using CSR, returns cert to browser.
• Browser combines new certificate with CA cert and the private key into the OpenVPN profile.
• Browser downloads the OpenVPN profile file.