Last edit: 1/17/2022
easy-rsa is an open-source, CLI-based certificate management system.
I am going to post some short hand notes regarding this. It’s too important not to know. I have no idea why I haven’t worked with this more in the past. However this is deserving of more than what I have here for the immediate two seconds. However I would rather have something than nothing. I will put a date above to help shame myself. 🙂
This is going to bring up some important concepts like reviewing / managing CAs for your environment.
Foreword: easy-rsa co-exists with the OpenVPN code; they are not broken into separate repositories. Don’t let this deter you. Another thumbs up to DigitalOcean. Most of the stuff below will be for installing easy-rsa on Ubuntu. If you’re not on Ubuntu, I am guessing you can pull what you need from the GitHub repository noted below.
Install
We can use APT to install easy-rsa from the base Ubuntu repositories.
sudo apt update
sudo apt install openvpn easy-rsa
Now it’s a matter of creating a directory to “manage” the deployment. This “management” directory holds all the files and configurations used to configure your Certificate Authority (CA).
The following script shows how one might create the directory and provide the initial configuration.
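mkdir ~/easy-rsa
# Symlink the packaged scripts so package updates carry over
ln -s /usr/share/easy-rsa/* ~/easy-rsa/
# Restrict the CA directory to its owner
chmod 700 ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki
ls -al
# Edit vars to set the CA's defaults before building it
nano vars
./easyrsa build-ca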
Creating your First Certificate
Let’s say you were going to create a certificate for Rancher.
cd /tmp
# rancher-server.req holds the certificate signing request (CSR) to be signed
vi rancher-server.req
cd ~/easy-rsa
./easyrsa import-req /tmp/rancher-server.req rancher-server
./easyrsa sign-req server rancher-server
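The steps above start from an existing rancher-server.req. As an added example (not from the original notes or the easy-rsa project), the helpers below show one way to produce that request with the openssl CLI and to vet it on the CA host before running import-req. The function names make_req, req_cn and check_req are hypothetical, and openssl is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example: hypothetical helpers around the rancher-server request used above.

# make_req NAME DIR
# Run on the server that will use the certificate. Generates a private key and
# a CSR. Only NAME.req is copied to the CA host; NAME.key never leaves the server.
make_req() {
    local name="$1" dir="$2"
    (
        umask 077   # keep the private key unreadable by other users
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=${name}" \
            -keyout "${dir}/${name}.key" \
            -out "${dir}/${name}.req" 2>/dev/null
    )
}

# req_cn FILE
# Print the Common Name carried in a CSR (empty output if the file is unreadable).
req_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# check_req FILE EXPECTED_CN
# Run on the CA host before import-req. Succeeds only if the CSR's
# self-signature verifies (the requester holds the matching private key)
# and the Common Name is the one you intend to sign.
check_req() {
    local file="$1" expected="$2"
    # Match on the message rather than the exit status: some openssl
    # releases exit 0 even when the signature check fails.
    openssl req -in "$file" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    [ "$(req_cn "$file")" = "$expected" ]
}
```

Once check_req /tmp/rancher-server.req rancher-server succeeds, continue with the import-req and sign-req commands shown above.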
Note:
A default location for certs on Ubuntu is: /etc/ssl/certs
url:
https://github.com/OpenVPN/easy-rsa
https://easy-rsa.readthedocs.io/en/latest/
start here url:
https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-ubuntu-20-04