client2

Generate a new hostkey for the client on the AP (Identical to generating the gateway key earlier)
Optionally remove passphrase: openssl rsa -passin pass:foobar -passout pass:foobar -in filename_lock -out filename_unlock
For windows client, an extra step, make PKCS12 file (includes root CA) /usr/bin/openssl pkcs12 -export -inkey filename_lock -in filenameCert.pem -name wavesec -certfile caCert.pem -caname \"WaveSEC CA\" -out filenameCert.p12 -passin pass:foobar -passout pass:foobar

Generate a new hostkey for the client on the AP (Identical to generating the gateway key earlier)