Last edit: 1/17/2022
easy-rsa is an open-source, CLI-based certificate management system.
I am going to post some shorthand notes regarding this. It’s too important not to know. I have no idea why I haven’t worked with this more in the past. This deserves more than what I have here for the immediate two seconds, but I would rather have something than nothing. I will put a date above to help shame myself. 🙂
This is going to bring up some important concepts like reviewing / managing CAs for your environment.
Foreword: easy-rsa co-exists with the OpenVPN code; they are not broken into separate repositories. Don’t let this deter you. Another thumbs up to DigitalOcean. Most of the stuff below will be for installing easy-rsa on Ubuntu. If you’re not on Ubuntu, I am guessing you can pull what you need from the GitHub repository noted below.
We can use APT to install easy-rsa from the base Ubuntu repositories.
    sudo apt update
    sudo apt install openvpn easy-rsa

Now it’s a matter of creating a directory to “manage” the deployment. This “management” directory holds all the files and configurations used to configure your Certificate Authority (CA).
The following script shows how one might create the directory and provide the initial configuration.
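    mkdir ~/easy-rsa
    # Symlink the packaged easy-rsa scripts into the management directory
    ln -s /usr/share/easy-rsa/* ~/easy-rsa/
    # Restrict the CA directory to its owner
    chmod 700 ~/easy-rsa
    cd ~/easy-rsa
    ./easyrsa init-pki
    ls -al
    # Edit the CA settings before building the CA
    nano vars
    ./easyrsa build-ca
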
Creating your First Certificate
Let’s say you were going to create a certificate for Rancher.
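    cd /tmp
    # Create the request file, e.g. by pasting in the CSR for the Rancher server
    vi rancher-server.req
    # Back to the CA management directory created earlier
    cd ~/easy-rsa/
    ./easyrsa import-req /tmp/rancher-server.req rancher-server
    ./easyrsa sign-req server rancher-server

A default location for certs on Ubuntu is: /etc/ssl/certs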
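
The steps above create `/tmp/rancher-server.req` by hand and stop once the request is signed. As an added example (not from the original notes or the easy-rsa project), these shell helpers use plain `openssl` to generate that request on the Rancher host and to check the issued certificate before it is installed. The function names and the 2048-bit RSA key are assumptions; `pki/ca.crt` and `pki/issued/` are where easy-rsa 3 writes its output by default.

```shell
#!/usr/bin/env bash
# Added example: helpers around the import-req / sign-req steps in these notes.
# Function names and the RSA-2048 choice are assumptions, not easy-rsa defaults.

# Run on the Rancher host: create a private key and a CSR for <name> in <dir>.
# Only <name>.req is copied to the CA machine; the key stays where it was made.
make_csr() {
    local name="$1" outdir="$2"
    (
        umask 077    # private key readable by its owner only
        openssl genrsa -out "$outdir/$name.key" 2048 2>/dev/null
    ) || return 1
    openssl req -new -key "$outdir/$name.key" \
        -subj "/CN=$name" -out "$outdir/$name.req"
}

# Run on the CA before `./easyrsa import-req`: print the subject in the request
# so the name about to be signed can be compared with the one expected.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# Run before installing the certificate: succeeds only if <cert> chains to <ca>
# and the certificate's public key belongs to <key>.
check_issued() {
    local ca="$1" crt="$2" key="$3" crt_pub key_pub
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# Usage with the names from the notes above:
#   make_csr rancher-server /tmp           # on the Rancher host
#   csr_subject /tmp/rancher-server.req    # on the CA, before import-req
# After sign-req, copy pki/ca.crt and pki/issued/rancher-server.crt from the
# CA to the Rancher host, then:
#   check_issued ca.crt rancher-server.crt /tmp/rancher-server.key
```

`check_issued` returns non-zero when the certificate was signed by a different CA or does not match the private key on the host, which catches a mixed-up request file before the certificate is deployed.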
start here url: