From e785494eec6c2ff96fe7549357783a65bd7017df Mon Sep 17 00:00:00 2001
From: Birkhoff <23278129+birkhoffcheng@users.noreply.github.com>
Date: Sat, 15 Dec 2018 11:06:45 -0800
Subject: [PATCH] Remove redundant info Only keep x509 encoded part of the certificate for smaller client file size.
---
 openvpn-install.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 8b56327..d7b401c 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -240,6 +240,9 @@ else
 EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full $CLIENT nopass
 EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
 # Move the stuff we need
+ csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
+ rm /etc/openvpn/easy-rsa/pki/issued/cert.00
+ mv /etc/openvpn/easy-rsa/pki/issued/cert.01 /etc/openvpn/easy-rsa/pki/issued/server.crt
 cp pki/ca.crt pki/private/ca.key pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn
 # CRL is read with each client connection, when OpenVPN is dropped to nobody
 chown nobody:$GROUPNAME /etc/openvpn/crl.pem
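Review bot: The three added lines rewrite `pki/issued/server.crt`, but the commit message targets a smaller client file, and the certificate issued for `$CLIENT` two lines earlier is left untouched; unless the client-file generation elsewhere in the script is changed too, the stated goal is presumably not met. The sequence is also unchecked and edits the PKI store in place: if `csplit` fails or the file layout differs, `rm` and `mv` fail without stopping the script, and a second match of the pattern would leave a stray `cert.02` in `pki/issued`. A single checked step that writes only the PEM block to the destination avoids both, for example `openssl x509 -in pki/issued/server.crt -out /etc/openvpn/server.crt || exit 1`, with `pki/issued/server.crt` then dropped from the `cp` line. The enclosing `else` branch starts and ends outside this hunk.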