easy-rsa
dehydrated
Our great sponsors
easy-rsa | dehydrated | |
---|---|---|
26 | 36 | |
3,881 | 5,902 | |
1.2% | 3.4% | |
9.4 | 2.3 | |
6 days ago | about 2 months ago | |
Shell | Shell | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
easy-rsa
-
Running one’s own root Certificate Authority in 2023
Easy-rsa to the rescue. Been using it for a while, works great and makes life easier :)
Link: https://github.com/OpenVPN/easy-rsa
Summary from that page:
easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including intermediate CAs and certificate revocation lists (CRL).
-
How to invalidate the usage of a OpenVpn client without revoke it in the CA Server?
No, OpenVPN relies on the CA trust model. Anyone signed by the CA has access, unless they have been revoked (CRL): https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Renew-and-Revoke.md
-
Best OpenVPN web UI for a small business
Then make do with the CLI. There might be some tooling to help you, e.g. https://github.com/OpenVPN/easy-rsa
-
AMA/Brown Bag: OpenVPN / EasyRSA
Hey folks. I'm one of the authors for Mastering OpenVPN, the author of Troubleshooting OpenVPN, and the maintainer of EasyRSA. In light of Apollo and other 3rd party apps going dark on the 30th, I figured I'd "turn in my notice" on Reddit and do the normal sysadmin data dump/brown bag before I'm gone. I've really enjoyed this group and hope things get sorted in the long run.
-
PFSense Tutorial - Self signing of SSL/TLS Certificate (cause not all have the money to buy one) - https://youtu.be/aj5FUFMn9f0
Correct. That applies to OpenVPN. There's a tool that OpenRSA maintains that help with creating those certificates, EasyRSA: https://github.com/OpenVPN/easy-rsa
-
Invalid Security Certificate Warnings are ANNOYING
Regarding the keys, csr and certificates it's pretty easy to manage them with easy-rsa (https://github.com/OpenVPN/easy-rsa)
-
How to import server or client certificate on AWS Certificate Manager (ACM)
$ git clone https://github.com/OpenVPN/easy-rsa.git
-
How to manage lots of self-signed certificates
Depending on your use case, either https://github.com/FiloSottile/mkcert or https://github.com/OpenVPN/easy-rsa
-
Totally local web server on HTTPS.
If you can add CAs to the hosts that will access this server, you can be your own certificate authority. mkcert is good, as mentioned elsewhere, or you can go all out: https://github.com/OpenVPN/easy-rsa
- Private CA management
dehydrated
-
Dehydrated: Letsencrypt/acme client implemented as a shell-script
From this commit:
https://github.com/dehydrated-io/dehydrated/commit/b116e6bc2...
-
Running one’s own root Certificate Authority in 2023
I've had a lot of success with https://github.com/dehydrated-io/dehydrated . It exposes the different parts of the process (deploy challenge to DNS, deploy cert to filesystem, etc) as hooks, so it's pretty easy to integrate with anything and however you want, if you don't mind writing a bit of bash. There's a few scripts out there that use Cloudflare that you can use as well.
-
How do you renew SSL certificates?
Depend on host's capability... - lego - dehydrated - caddy - in case it already works as a web server, it will automatically issue and renew certs
-
SSL cert for DSM on Synology
Take a look at this great project : https://github.com/dehydrated-io/dehydrated/wiki : many dns providers are documented.
-
Write Posix Shell
> Oh, and that 500-line shell script probably ends up being a 5000-line Python monster anyway.
The dehydrated ACME client is 2400 lines of bash/zsh:
* https://github.com/dehydrated-io/dehydrated
And its external dependencies are OpenSSL and cURL. The acme.sh shell ACME client is 8000 lines of shell:
* https://github.com/acmesh-official/acme.sh
The official Let's Encrypt client is written in Python, and the core 'executable' is much longer, and in addition it pulls in a boatload of dependencies:
* https://packages.debian.org/bullseye/python3-certbot
-
ZeroSSL: XSS to session hijacking, stealing a private key (and password hash)
Dehydrated.io, damn few dependencies.
You're welcome.
https://github.com/dehydrated-io/dehydrated
-
Looking for help with VIRTUAL_HOST set up and 502 Bad Gateway (possible bad SSL?)
I prefer dehydrated as an ACME client because it's written in bash and the only dependencies are sed, awk, grep, and openssl. This will also leave you free to customize your nginx config as necessary without having to try to cram your needs into a generator that doesn't account for what you're trying to do. It seems odd to me that the generator would create the intermediary file (as per your quoted output above), but then not put that in the nginx config.
-
Knowing when to tell somone to call it quits...
This project has helped us immensely with cert renewals - https://github.com/dehydrated-io/dehydrated
- Does it really suck this much to set up SSL?
- Canonical releases Ubuntu 22.10 Kinetic Kudu
What are some alternatives?
OpenSSL - TLS/SSL and crypto library
acme.sh - A pure Unix shell script implementing ACME client protocol
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
LetsEncrypt-PRTG - Post request script to install an SSL certificate obtained with Certify the Web or win-acme in PRTG.
lego - Let's Encrypt/ACME client and library written in Go
BounCA - BounCA is a web tool to generate self-signed SSL certificates and setup a key infrastructure
synology-tls - Automatically Update Let's Encrypt Wildcard Certificates for Synology NAS
certify - Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
portainer-traefik-letsencrypt - This repository will help you install Portainer with Traefik and Let's Encrypt with much ease!