Authenticating with TLS Certificates
Go to Network > VPN > OpenVPN and create a new connection.
In the Session section for the new connection, enter the name or public IP address of the OpenVPN Server.
Select TLS-Certificates as the Authentication Type.
Select the client certificate as the Client Certificate file.
Select the root certficate of the CA as the Certificate Authority (CA) file .
Select the client's private key as the Private Key file. Enter the passphrase in Private Key password if the key is protected with one.
Click an icon for the newly created session (e.g. in the Start Menu) to initiate the connection.
If a PKCS12 file is available, which includes the client certificate, the certificate authority and the private key, then you just need to enter the PKCS12 file name in the three corresponding fields. The advantage is that you only have to roll out one single file instead of three different files.