• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » How to Create Own Certificate Authority (CA) With EasyRSA

By Abhishek Ghosh August 24, 2019 9:43 pm Updated on August 24, 2019

How to Create Own Certificate Authority (CA) With EasyRSA

Advertisement

A certificate authority (CA) is who issues the digital certificates. We need this for installation of some software, such as OpenVPN. For doing that, we have to download the latest version of EasyRSA. EasyRSA is the CLI utility to build and manage a PKI CA. A CA acts as a trusted 3rd party. The format of these certificates is specified by the X.509 standard.

A certificate signed by a Certificate Authority (CA) which is trusted, like by the browser is displayed as trusted (that usually a padlock icon). A browser only trusts a CA when the CA’s public root certificate is installed in the browser and/or the computer in use. That makes the actual usage limited within own network. Browsers come with pre-installed CA certificates such as from Geotrust, Comodo, Symantec. The reason to use EasyRSA like scripted way is to make the steps easy. OpenSSL command line for setting up own CA infrastructure for a person unused with X.509 certificate chain of trust can make dizzy. We need to build the CA on a single server for this purpose. This prevents an attacker to access the CA private key to sign new certificates. We can keep the CA server turned off when not required to be in use.

How to Create Own Certificate Authority CA

This is EasyRSA’s official GitHub repo :

Advertisement

---

Vim
1
2
3
4
5
#
 
https://github.com/OpenVPN/easy-rsa
 
#

We can wget it and un-tar it :

Vim
1
2
3
4
5
6
7
8
9
10
11
cd ~
# version 3.0.6 is latest at the time of writing this guide
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
ls | grep "tgz"
tar -xzvf EasyRSA-unix-v3.0.6.tgz
rm EasyRSA-unix-v3.0.6.tgz
cd ~/EasyRSA-v3.0.6/
cp vars.example vars
cat vars
# initialized to create pki directory and various sub-directories
./easyrsa init-pki force

You’ll get output like this :

Vim
1
2
..
Your newly created PKI dir is: /home/user-name/EasyRSA-v3.0.6/pki

Now we need to edit that vars file :

Vim
1
2
nano vars
# vi vars

Your edit should make the file looking like this :

Vim
1
2
3
4
5
6
7
8
. . .
 
set_var EASYRSA_REQ_COUNTRY    "IN"
set_var EASYRSA_REQ_PROVINCE   "WestBengal"
set_var EASYRSA_REQ_CITY       "Kolkata"
set_var EASYRSA_REQ_ORG        "The Customize Windows Consultancy"
set_var EASYRSA_REQ_EMAIL      "admin@thecustomizewindows.com"
set_var EASYRSA_REQ_OU         "Blog Department"

Again, we need to call the easyrsa script for the build-ca option which will build the CA and create two required files ca.crt and ca.key. We do not need password hence we will run :

Vim
1
./easyrsa build-ca nopass

To generate CA certificate use something similar to:

Vim
1
2
echo "ca.thecustomizewindows.com" > input.txt
./easyrsa build-ca nopass < input.txt

There are various methods for generating server or client certificates. Such as, on CA server we can use the build-server-full or build-client full script.

Another way is to copy the easy-rsa scripts on target server and generating certificate request. This request will be imported in next step and signed on CA server. Then the signed certificate will be transferred back to the server which generated the request. To build full-client-certifcate without requiring client to generate certificate request and send it to CA server use something like:

Vim
1
./easyrsa build-client-full abhishek@thecustomizewindows.com nopass

Your PKI dir was at /home/user-name/EasyRSA-v3.0.6/pki. The above commond will create ..pki/private/vpn.thecustomizewindows.com.key and ..pki/issued/vpn.thecustomizewindows.com.crt. To export CA certificate in PKCS#12 format use:

Vim
1
./easyrsa export-p12 abhishek@thecustomizewindows.com

Update the status of the certificates in index file:

Vim
1
./easyrsa update-db

To generate DH parameters use:

Vim
1
./easyrsa gen-dh

Tagged With easyrsa build-ca , windows 2019 certification authority create wildcard , easyrsa build-ca nopass , easy rsa CA , easy rsa , create own ca , create my own certificate from windows 2019 certificate authority , create certificate using easyrsa , build-ca windows10 , build windows 2019 certificate authority

This Article Has Been Shared 529 Times!

Facebook Twitter Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to How to Create Own Certificate Authority (CA) With EasyRSA

  • Cloud Sound and Cloud Music Technologies

    Cloud Sound and Cloud Music Technologies are one of the hottest technologies on discussion right now. In this article we have focused on the basic offerings of Cloud Sound and Cloud Music Technologies.

  • Service Level Agreement and Cloud Computing Services

    Service Level Agreement is an important part of Cloud Computing Services like SaaS, PaaS and IaaS. As a customer of any Cloud Computing Services, you must understand this Service Level Agreement.

  • Big Data : Companies are Increasingly Demanding

    Big Data will reach revenues of close to $34 billion of IT spending in 2013, this what Gartner is predicting. Analysis if of global market interested in cloud.

  • WordPress Lost Post Recovery Options on Cloud

    WordPress Lost Post Recovery Options Are Not Less in Number on Cloud, Even Without Backup Failure. If Your FTP Server is Running, Data Can Be Recovered.

  • Tips For Moving WordPress to Cloud IaaS

    Here Are Some Moving WordPress to Cloud IaaS Either From a Traditional Hosting Service. Cloud IaaS is Cost Saving than Dedicated Hosting Services.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (22.1K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Safe Chargers for Samsung Galaxy S22 Ultra June 27, 2022
  • How Telecoms Can Use The Cloud To Power Their 5G Network June 24, 2022
  • A Beginner Guide to Cloud Computing for Development June 22, 2022
  • 5 Benefits of Using a Virtual Data Room Today June 19, 2022
  • Top System Administration Courses 2022 June 18, 2022

About This Article

Cite this article as: Abhishek Ghosh, "How to Create Own Certificate Authority (CA) With EasyRSA," in The Customize Windows, August 24, 2019, June 28, 2022, https://thecustomizewindows.com/2019/08/how-to-create-own-certificate-authority-ca-with-easyrsa/.

Source:The Customize Windows, JiMA.in

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Privacy Policy.

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2022 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy