This is a very simple PKI aimed mainly at issuing certificates for your home OpenVPN server. But you can, of course, adapt it for whatever other uses you have in mind.
OpenVPN has easy-rsa which is not actually as easy as it could be. This project is just like easy-rsa only much easier and without RSA (because elliptic curves are the future).
- Execute `init.sh` from the `server` directory.
  This sets up your very own Certificate Authority and issues its first certificate – for the VPN server.
- Point your server config to `ca/ca.crt`, `server.key` and `server.crt`.
- Send `setup.sh` from the `client` directory to the user.
- Tell them to run `./setup.sh`.
- Ask them to send you the certificate request that they’ve got on their screen.
- Execute `sign.sh` from the `server` directory.
- Paste the certificate request.
- Check the request details and confirm certification.
- ??? TBD
- PROFIT
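
The flow in the steps above, sketched with plain `openssl` commands as an added example. It is not the project's `init.sh`, `setup.sh` or `sign.sh`; the curve (`prime256v1`), the function names, file names, subject names and certificate lifetimes are all assumptions.

```shell
#!/bin/sh
# Added illustration, NOT the project's scripts. Curve, names, paths and
# lifetimes below are assumptions chosen for the example.

make_ca() {          # $1 = directory that will hold ca.key and ca.crt
    mkdir -p "$1"
    # umask in a subshell so the private key is never world-readable
    ( umask 077; openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key" )
    openssl req -new -x509 -key "$1/ca.key" -sha256 -days 3650 \
        -subj "/CN=Example Home VPN CA" -out "$1/ca.crt"
}

make_request() {     # $1 = directory, $2 = common name; runs on the client
    mkdir -p "$1"
    # The private key is generated on the client and never leaves it;
    # only the CSR is sent to the CA operator.
    ( umask 077; openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key" )
    openssl req -new -key "$1/$2.key" -sha256 -subj "/CN=$2" -out "$1/$2.csr"
}

check_request() {    # $1 = CSR file; prints the subject, non-zero if rejected
    # Self-signature check: proves the requester holds the private key.
    # Matched on the message text because older openssl releases do not
    # reliably signal a failed verification through the exit status.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # Policy for this example: accept elliptic-curve keys only.
    openssl req -in "$1" -noout -text 2>/dev/null | grep -q 'id-ecPublicKey' || return 1
    # Show who the request claims to be so the operator can confirm it.
    openssl req -in "$1" -noout -subject
}

sign_request() {     # $1 = CA directory, $2 = CSR file, $3 = output certificate
    check_request "$2" >/dev/null || return 1
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -out "$3"
}
```

Source the file, then call `make_ca ca`, `make_request client alice`, `check_request client/alice.csr` and `sign_request ca client/alice.csr alice.crt`; `openssl verify -CAfile ca/ca.crt alice.crt` confirms the result chains to the CA.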