CORE STUDY: easy-rsa

Reading Time: < 1 minute

Last edit: 1/17/2022

easy-rsa is OpenSource CLI based Certificate Management system.

I am going to post some short hand notes regarding this. It’s too important not to know. I have no idea why I haven’t worked with this more in the past. However this is deserving of more than what I have here for the immediate two seconds. However I would rather have something than nothing. I will put a date above to help shame myself. 🙂

This is going to bring up some important concepts like reviewing / managing CAs for your environment.

Forward: EASY-RSA co-exists with the OpenVPN code they are not broken into separate repositories. Don’t let this deter you. Another thumbs up to digital oceans. Most of the stuff below will be for installing easy-rsa on Ubuntu. If your not on Ubuntu I am guessing you can pull what you need from the github repository noted below.


We can use APT to install easy-rsa from the base Ubuntu repositories.

sudo apt update
sudo apt install openvpn easy-rsa

Now it’s a matter of creating a directory to “manage” the deployment. This “managment” directory holds all the files and configurations used to configure your Certificate Authority (CA)

The following script shows how one might create the directory and provide the initial configuration.

 mkdir ~/easy-rsa
 ln -s /usr/share/easy-rsa/* ~/easy-rsa/
 chmod 700 /home/ubuntu/easy-rsa
 cd ~/easy-rsa
 ./easyrsa init-pki
 ls -al
 nano vars
 ./easyrsa build-ca

Creating your First Certificate

Let’s say you were going to create a certificate for Rancher.

cd /tmp
vi rancher-server.req
cd easy-rsa/
./easyrsa import-req /tmp/rancher-server.req rancher-server
./easyrsa sign-req server rancher-server


A default location for certs on ubuntu is: /etc/ssl/certs


start here url:

This entry was posted in Certificate. Bookmark the permalink.