How to Install Easy-RSA on Windows 10

Easy-RSA is an open-source package that provides users with a simple and straightforward way to create and manage Public Key Infrastructure (PKI) certificates for use with OpenVPN. In this tutorial, we will guide you on how to install Easy-RSA on a Windows 10 machine.

Prerequisites

Before we proceed to install Easy-RSA, we need to have the following prerequisites on our Windows 10 machine:

  • Git - a version control system tool used to clone the Easy-RSA repository Download Git
  • OpenSSL - an open-source toolkit used to generate the necessary certificates Download OpenSSL

Make sure to download and install these prerequisites before proceeding with the installation of Easy-RSA.

Step 1: Clone the Easy-RSA Repository

  1. Open the Command Prompt by pressing "Windows + R" and typing cmd then press "Enter" on your keyboard.

  2. Enter the following command to navigate to the directory where you want the Easy-RSA files to be cloned:

cd <directory>

Note: Replace <directory> with the desired directory.

  1. Clone the Easy-RSA repository using Git by entering the following command:
git clone https://github.com/OpenVPN/easy-rsa.git

Step 2: Set up the Environment Variables

  1. Open the Command Prompt and type the following command:
setx OPENSSL_CONF "C:\Program Files\OpenSSL-Win64\bin\openssl.cfg"

Note: Replace C:\Program Files\OpenSSL-Win64\bin\openssl.cfg with the path to the OpenSSL configuration file, which is typically located in the bin directory of the OpenSSL installation.

  1. Restart the Command Prompt for the changes to take effect.

Step 3: Generate the PKI Certificates

  1. Navigate to the Easy-RSA directory where you cloned the repository.

  2. Open the vars.example file with a text editor and modify it to your preference.

  3. Rename the vars.example file to vars.

  4. Initialize the PKI by running the following command:

.\easyrsa init-pki
  1. Generate the Certificate Authority (CA) by running the following command:
.\easyrsa build-ca

Note: Follow the on-screen prompts to complete the certificate generation process.

  1. Generate the Server and Client Certificates by running the following commands:
.\easyrsa gen-req server nopass
.\easyrsa sign-req server server
.\easyrsa gen-req client nopass
.\easyrsa sign-req client client
  1. The certificates and keys will be generated in the pki directory within the Easy-RSA directory.

Conclusion

In this tutorial, we have successfully installed Easy-RSA on a Windows 10 machine, set up the necessary environment variables, and generated PKI certificates required for OpenVPN.