Easy-RSA is a command-line utility that enables you to build Public-Key Infrastructures (PKIs) and provides certificates for OpenVPN. This tutorial guides you on installing and configuring Easy-RSA on your Fedora Server.
Firstly, to install the easy-rsa package on your Fedora server, open up the terminal, and run the following command:
sudo dnf install easy-rsa
This command will install the easy-rsa in your Fedora Server.
After installing the easy-rsa package on your Fedora server, move to the easy-rsa directory with the following command:
cd /usr/share/easy-rsa/3.0.8/
Alternatively, you can check the version of easy-rsa installed on your system by running the following command:
easyrsa --version
Once you're in the easy-rsa directory, copy the contents of the directory by running the following command:
sudo cp -r . /etc/openvpn/easy-rsa/
Make sure you have the openvpn directory created in the /etc/ directory.
Navigate to the easy-rsa directory, where the vars.example file resides. Change the filename to vars using the following command:
sudo mv vars.example vars
Open the vars configuration file using any editor of your choice, such as Nano or Vim:
sudo nano vars
Modify the variables to suit your requirements, i.e., the country, the organization, etc., and then save and close the file.
At this stage, you're now set to generate server and client certificates. Start by building the certificate authority key with the following command:
sudo ./easyrsa init-pki
sudo ./easyrsa build-ca nopass
The first command will initialize the public key infrastructure. The second one will build the CA key. Note that the second command won't require you to input any password.
Next, generate the server certificate files:
sudo ./easyrsa gen-req server nopass
sudo ./easyrsa sign server server
The first command will create the server certificate request. The second command will sign the server request in the previous command.
Finally, generate the Diffie-Hellman key exchange:
sudo ./easyrsa gen-dh
In this guide, we went through the installation and configuration of Easy-RSA on your Fedora Server. You now know how to install the package, move the necessary files and generate server and client certificates. This piece of expertise will enable you to secure a VPN infrastructure with OpenVPN.
If you want to self-host in an easy, hands free way, need an external IP address, or simply want your data in your own hands, give IPv6.rs a try!
Alternatively, for the best virtual desktop, try Shells!
