Create OpenVPN/easy-rsa certificate from public key only



  • I have been using easyrsa to generate client certificates for my application using the method described here.

    The build-client-full command generates a fresh private key for each client. This is what I currently use... run build-client-full send the private key, certificate and ca cert to the client.

    What I want to do is have the client generate their own private key locally, send me their public key, and I make the certificate and send it to the client where me as the CA decides the properties of the cert (Common name specifically).

    How do I go about it? If I have the client generate CSR, how do I edit the properties in easyrsa before signing? Is easyrsa too simple for this and I need something more complex?



  • You can use import-req command to import client csr and then sign it. For more info check the documentation of easy-rsa program




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2