Comment
Author: Admin | 2025-04-28
Be offline or completely shut down when you are not actively working with your CA.Note: The last section of this tutorial is optional if you would like to learn about signing and revoking certificates. If you choose to complete those practice steps, you will need a second Ubuntu 20.04 server or you can also use your own local Linux computer running Ubuntu or Debian, or distributions derived from either of those.Step 1 — Installing Easy-RSAThe first task in this tutorial is to install the easy-rsa set of scripts on your CA Server. easy-rsa is a Certificate Authority management tool that you will use to generate a private key, and public root certificate, which you will then use to sign requests from clients and servers that will rely on your CA.Login to your CA Server as the non-root sudo user that you created during the initial setup steps and run the following:sudo apt updatesudo apt install easy-rsaYou will be prompted to download the package and install it. Press y to confirm you want to install the package.At this point you have everything you need set up and ready to use Easy-RSA. In the next step you will create a Public Key Infrastructure, and then start building your Certificate Authority.Step 2 — Preparing a Public Key Infrastructure DirectoryNow that you have installed easy-rsa, it is time to create a skeleton Public Key Infrastructure (PKI) on the CA Server. Ensure that you are still logged in as your non-root user and create an easy-rsa directory. Make sure that you do not use sudo to run any of the following commands, since your normal user should manage and interact with the CA without elevated privileges.mkdir ~/easy-rsaThis will create a new directory called easy-rsa in your home folder. We’ll use this directory to create symbolic links pointing to the easy-rsa package files that we’ve installed in the previous step. These files are located in the /usr/share/easy-rsa folder on the CA Server.Create the symlinks with the ln command:ln -s /usr/share/easy-rsa/* ~/easy-rsa/Note: While other guides might instruct you to copy the easy-rsa package files into your PKI
Add Comment