Simple shell-based CA utility for building and managing a PKI (Public Key Infrastructure). Commonly used for OpenVPN certificate management but works for any X.509 PKI needs.
- Command-line PKI management
- Root CA and intermediate CA creation
- Certificate signing and revocation
- Diffie-Hellman parameter generation
- OpenVPN-compatible certificate workflows
- Simple configuration through vars file
- Offline CA operations (air-gapped support)
- PKCS#12 export for client certificates
- OpenVPN server and client certificates
- Small-scale internal PKI
- Development and testing certificates
- WireGuard certificate management
- Simple CA without complex tooling
- Shell scripts (POSIX sh)
- OpenSSL (cryptographic backend)
- Actively maintained by OpenVPN project
- Latest: v3.2.x series
- Official packages for major Linux distributions
- GitHub: OpenVPN/easy-rsa
¶ History and References
Any questions?
Feel free to contact us. Find all contact information on our contact page.