easy-rsa
cli
easy-rsa | cli | |
---|---|---|
26 | 8 | |
3,914 | 3,524 | |
0.8% | 1.2% | |
9.5 | 9.2 | |
7 days ago | 7 days ago | |
Shell | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
easy-rsa
-
Running one’s own root Certificate Authority in 2023
Easy-rsa to the rescue. Been using it for a while, works great and makes life easier :)
Link: https://github.com/OpenVPN/easy-rsa
Summary from that page:
easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including intermediate CAs and certificate revocation lists (CRL).
-
How to invalidate the usage of a OpenVpn client without revoke it in the CA Server?
No, OpenVPN relies on the CA trust model. Anyone signed by the CA has access, unless they have been revoked (CRL): https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Renew-and-Revoke.md
-
Best OpenVPN web UI for a small business
Then make do with the CLI. There might be some tooling to help you, e.g. https://github.com/OpenVPN/easy-rsa
-
AMA/Brown Bag: OpenVPN / EasyRSA
Hey folks. I'm one of the authors for Mastering OpenVPN, the author of Troubleshooting OpenVPN, and the maintainer of EasyRSA. In light of Apollo and other 3rd party apps going dark on the 30th, I figured I'd "turn in my notice" on Reddit and do the normal sysadmin data dump/brown bag before I'm gone. I've really enjoyed this group and hope things get sorted in the long run.
-
PFSense Tutorial - Self signing of SSL/TLS Certificate (cause not all have the money to buy one) - https://youtu.be/aj5FUFMn9f0
Correct. That applies to OpenVPN. There's a tool that OpenRSA maintains that help with creating those certificates, EasyRSA: https://github.com/OpenVPN/easy-rsa
-
Invalid Security Certificate Warnings are ANNOYING
Regarding the keys, csr and certificates it's pretty easy to manage them with easy-rsa (https://github.com/OpenVPN/easy-rsa)
-
How to import server or client certificate on AWS Certificate Manager (ACM)
$ git clone https://github.com/OpenVPN/easy-rsa.git
-
How to manage lots of self-signed certificates
Depending on your use case, either https://github.com/FiloSottile/mkcert or https://github.com/OpenVPN/easy-rsa
-
Totally local web server on HTTPS.
If you can add CAs to the hosts that will access this server, you can be your own certificate authority. mkcert is good, as mentioned elsewhere, or you can go all out: https://github.com/OpenVPN/easy-rsa
- Private CA management
cli
-
Google will disable all but OAuth for IMAP, SMTP and POP starting Sept. 30
https://github.com/smallstep/cli implements some OAuth flows from the CLI, it may be helpful for you.
- Running one’s own root Certificate Authority in 2023
- Uacme: ACMEv2 client written in plain C with minimal dependencies
-
OpenSSL as a GUI
Is the according command line tool (https://github.com/smallstep/cli) from smallstep free and behind this GUI?
-
If you’re not using SSH certificates you’re doing SSH wrong
And they have an open issue for producing a chocolatey package: https://github.com/smallstep/cli/issues/365
-
Should you use Let's Encrypt for internal hostnames?
I'm biased because I'm the founder of the company, but you should check out the certificate management toolchain (CA[1] and CLI[2]) we've built at smallstep. A big focus of the project is human-friendliness. It's not perfect (yet) but I think we've made some good progress.
We also have a hosted option[3] with a free tier that should work for individuals, homelabs, pre-production, and even small production environments. We've started building out a management UI there, and it does map to the CLI as you've described :).
[1] https://github.com/smallstep/certificates
[2] https://github.com/smallstep/cli
[3] https://smallstep.com/certificate-manager/
-
SSH Keys How Are You Managing Them All?
https://github.com/smallstep/cli is pretty amazing, tbh. Documentation is just as stellar!
-
Recommend: Linux-Equivalent Tool of mkcert
https://github.com/smallstep/cli may be a bit overkill for your needs, but it's an epic toolkit and well worth checking out!
What are some alternatives?
OpenSSL - TLS/SSL and crypto library
jose-jwt - Ultimate Javascript Object Signing and Encryption (JOSE), JSON Web Token (JWT) and Json Web Keys (JWK) Implementation for .NET and .NET Core
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
slips - SatoshiLabs Improvement Proposals
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
authy - Go library and program to access your Authy TOTP secrets.
LetsEncrypt-PRTG - Post request script to install an SSL certificate obtained with Certify the Web or win-acme in PRTG.
ssh-baseline - DevSec SSH Baseline - InSpec Profile
BounCA - BounCA is a web tool to generate self-signed SSL certificates and setup a key infrastructure
mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like.
certify - Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
sio-go - Authenticated encryption for streams in Go