EasyRSA – v3 “Easy” HowTo

Download the easy-rsa from github:https://github.com/OpenVPN/easy-rsa.git ( as master.zip & unzip the master.zip  )

Enter the unziped  directory : “easy-rsa-master/easyrsa3”

  • Edit the vars.example  file as “#set_var EASYRSA_KEY_SIZE 2048” -> “set_var EASYRSA_KEY_SIZE 4096” : To have better encryption. And cp file  vars.example as vars
  • Initialize the easyrsa “./easyrsa init-pki”
  • if you will use easyrsa with openvpn create dh parameters: “/easyrsa gen-dh”
  • For building ca : “./easyrsa build-ca”
  • For creating client keys: “./easyrsa gen-req <client>” : This version requires passphrase for the keys
    • For creating client keys without pasword: “./easyrsa gen-req <client> nopass”
  • Steps for creating server keys & signing them
    • For creating server keys: “./easyrsa gen-req <server_name> nopass”
    • Import Request: “./easyrsa import-req <path to req file: sample ->  ./pki/reqs/<file_name>>”  Name_of_Req
    • See Requests: “./easyrsa show-req”
    • Sign the Requests: “./easyrsa sign server  Name_of_Req”
    • The results: CRT file : “./pki/issue/<crt_file>” & KEY file: “./pki/private/<key_file>”