OpenVPN: Add clients without rebuilding all keys?

As Ency says, provided you've created your own CA, you simply create another key for the new user. Before any more gets typed, when you set up openVPN you did create your own CA, as recommended, didn't you?

Edit: OK, then

cd easy-rsa
. ./vars
./build-key newclient

I also have some notes somewhere about making a CRL, which allows you to revoke old certificates, and pointing openVPN at the crl, but I can't immediately find them.