Create OpenVPN/easy-rsa certificate from public key only
I have been using easyrsa to generate client certificates for my application using the method described here.
build-client-fullcommand generates a fresh private key for each client. This is what I currently use... run
build-client-fullsend the private key, certificate and ca cert to the client.
What I want to do is have the client generate their own private key locally, send me their public key, and I make the certificate and send it to the client where me as the CA decides the properties of the cert (Common name specifically).
How do I go about it? If I have the client generate CSR, how do I edit the properties in easyrsa before signing? Is easyrsa too simple for this and I need something more complex?
You can use import-req command to import client csr and then sign it. For more info check the documentation of easy-rsa program