How to Install easy-rsa on Ubuntu Server Latest

In this tutorial, we will guide you step by step to install easy-rsa, a tool for creating your own certificate authority and easily requesting and managing SSL/TLS certificates, on Ubuntu Server Latest.

Prerequisites

Before we start, make sure that:

  • You have a user account with sudo privileges, or you are logged in as the root user.
  • The Ubuntu system is up to date, and you can install new packages.

Step 1 - Install easy-rsa from the Ubuntu Repository

The easy-rsa package is available in the Ubuntu repository, and you can install it using the following command:

sudo apt-get update
sudo apt-get install -y easy-rsa

The package will install all required dependencies, including openssl.

Step 2 - Configure easy-rsa

After installation, navigate to the easy-rsa directory:

cd /usr/share/easy-rsa

Inside the directory, you will find a vars.example file. You need to create a copy of this file and name it vars.

cp vars.example vars

To edit vars, use the text editor of your choice. We will use nano:

sudo nano vars

In the file, you will find several variables that you can modify according to your preferences. In this tutorial, we will not change anything, but you can set the variables to match your environment and use case.

Step 3 - Initialize a New PKI

Before you can start using easy-rsa, you need to create a new PKI (Public Key Infrastructure).

To do this, navigate to the easy-rsa directory and execute the following command:

./easyrsa init-pki

The command will create a new pki directory and all required subdirectories and files.

Step 4 - Generate a CA Certificate

To generate a new CA (Certificate Authority) certificate, execute the following command:

./easyrsa build-ca

You will be prompted to confirm the generation of a new certificate. Press Enter to accept the default settings, or type nopass to generate a certificate without a passphrase.

The command will create a new CA certificate and key file in the pki directory.

Step 5 - Generate a Server Certificate

To generate a new server certificate, execute the following command:

./easyrsa build-server-full server_name

Replace server_name with the name of your server. You will be prompted to confirm the generation of a new certificate. Press Enter to accept the default settings, or type nopass to generate a certificate without a passphrase.

The command will create a new server certificate and key file in the pki directory.

Step 6 - Generate a Client Certificate

To generate a new client certificate, execute the following command:

./easyrsa build-client-full client_name

Replace client_name with the name of your client. You will be prompted to confirm the generation of a new certificate. Press Enter to accept the default settings, or type nopass to generate a certificate without a passphrase.

The command will create a new client certificate and key file in the pki directory.

Conclusion

Congratulations! You have successfully installed easy-rsa on Ubuntu Server Latest and generated a new PKI, CA certificate, server certificate, and client certificate.

You can now use these certificates to secure your server and client connections.