How to Install Easy-RSA on Debian Latest

Easy-RSA is a command-line tool used to create X.509 certificate authority (CA) and generate certificates for OpenVPN. In this tutorial, we will be installing Easy-RSA on Debian latest.

Prerequisites

Before proceeding with the installation process, ensure that you have the following prerequisites:

  • Debian latest installed
  • Root access or a user account with sudo privileges.

Step 1: Update the Debian System

Before you begin installing Easy-RSA, update your Debian system by running the following command:

sudo apt update && sudo apt upgrade

Step 2: Install Required Dependencies

Easy-RSA requires some dependencies to function correctly. Use the following command to install them:

sudo apt install openssl wget make

Step 3: Download Easy-RSA

Easy-RSA can be downloaded from the official OpenVPN repository on Github. Navigate to the directory where you want to download Easy-RSA and use the following command:

wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-unix-v3.0.8.tgz

Step 4: Extract Easy-RSA

In this step, extract the downloaded Easy-RSA archive. Use the following command for that:

tar -xvzf EasyRSA-unix-v3.0.8.tgz

After extraction, you should have a new directory called EasyRSA-v3.0.8.

Step 5: Initialize PKI and Build the CA

Easy-RSA needs to create a Public Key Infrastructure (PKI) to generate certificates. You can do this by executing the following commands:

cd EasyRSA-v3.0.8/
./easyrsa init-pki
./easyrsa build-ca

The init-pki command will initialize the PKI and create a directory called pki. The build-ca command will create the CA certificate and key, and save them in the pki directory. You will be prompted to enter a passphrase for the CA.

Step 6: Generate Certificates

After creating the CA, you can generate individual certificates. Use the following command to generate a client certificate:

./easyrsa build-client-full CLIENTNAME

The CLIENTNAME should be replaced by the desired name of the client. You can find the generated certificate and key in the pki directory.

Conclusion

You have now learned how to install Easy-RSA on Debian latest. You have also learned how to create a CA and generate certificates for clients. You can use these certificates with OpenVPN to secure your network traffic.