ruby-easyrsa
Generate OpenVPN certificate and keys with Ruby using this gem.
Installation
Via command line use gem:
gem install easyrsa
or add it to your projects Gemfile:
gem 'easyrsa'
and simply require it in your code:
require 'easyrsa'
Usage
First, set your issuer configuration like so:
EasyRSA.configure do |issuer|
issuer.email = '[email protected]'
issuer.name = 'MrKickass'
issuer.server = 'vpnserver.company.com'
issuer.country = 'US'
issuer.state = 'NY'
issuer.city = 'New York'
issuer.company = 'My Company'
issuer.orgunit = 'IT'
end
Generate a Client Certificate
Use the EasyRSA::Certificate class to generate the certificate:
cn = 'Users Common Name'
email = '[email protected]'
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, cn, email)
g = easyrsa.generate
#=> [:key => '...RSA KEY...', :crt => '...CERTIFICATE...']
Note
ca_certandca_keyshould point to the same certificate and keys that are included in your OpenVPN configuration file.
Generate the CA files
The following can be used to create a Certificate Authority:
ca = EasyRSA::CA.new('CN=openvpn/DC=example/DC=com')
g = ca.generate
#=> [:key => '...RSA KEY...', :crt => '...CERTIFICATE...']
Revoking Certificates
The following can be used to create revoke a certificate:
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', '[email protected]')
g = easyrsa.generate
r = EasyRSA::Revoke.new g[:crt]
crl = r.revoke! @ca_key
#=> -----BEGIN X509 CRL-----
# MIIBjTCB9wIBATANBgkqhkiG9w0BAQsFADCBpDELMAkGA1UEBhMCVVMxETAPBgNV
Generating Deffie-Hellman
The following can be used to generate Deffie-Hellman:
easyrsa = EasyRSA::DH.new
g = easyrsa.generate
puts g
#=> -----BEGIN DH PARAMETERS-----
Credits
Many thanks to: