Before using the module, we use the tool easy-rsa to create private authority, key and certificates for server and client(s). Steps:
Go to Release page of easy-rsa: https://github.com/OpenVPN/easy-rsa/releases (EasyRSA 3.0.8)
<aside> 💡 The software requires OpenSSL version 1.1.1f
</aside>
Choose the suitable build for your machine. For example, if you uses Linux or MacOS, select latest release e.g. "EasyRSA-3.0.8.tgz" to download. and uncompress the file.
For example, you can use the command line with Linux, if you download the tar file:
tar -xvzf EasyRSA-3.0.8.tgz
Assuming you extract the content to the folder "EasyRSA-3.0.8", you can use the following scripts in utils folder.
First, allow executable permission for the script.
Note: In case the folder name is not EasyRSA-3.0.8, kindly edit the scripts to have correct module name.
To help on manage the certificates easily, we provide these utility scripts.
| Script | Purpose |
|---|---|
| pki_generate_ca_server_cert.sh | Utility script to generate new certificates for CA and server |
| pki_generate_ca_client_cert.sh | Utility script to generate new certificates for client |
| pki_sync_remote_secrets.sh | Utility script to import CA and server certificates back to EasyRSA module. The tool helps you not generate new CA and server certificates while being able to generate new client certificates |
You need to allow execution mode for these scripts to run them.
chmod +x pki_generate_ca_server_cert.sh
chmod +x pki_generate_ca_client_cert.sh
chmod +x pki_sync_remote_secrets.sh