| Port details on branch 2024Q3 |
- easy-rsa Small RSA key management package based on openssl
- 3.2.2,1 security
 =19      3.2.2,1Version of this port present on the latest quarterly branch. - Maintainer: mandree@FreeBSD.org
- Port Added: 2013-01-13 21:35:17
- Last Update: 2025-02-13 21:30:21
- Commit Hash: 8897502
- People watching this port, also watch:: openvpn, pkg, ca_root_nss, sqlite3, curl
- Also Listed In: net-mgmt
- License: GPLv2
- WWW:
- https://github.com/OpenVPN/easy-rsa
- Description:
- Easy-RSA is a small RSA key management package, based on the openssl
command line tool, that can be found in the easy-rsa subdirectory of the
OpenVPN distribution. While this tool is primary concerned with key
management for the SSL VPN application space, it can also be used for
building web certificates.
  ¦  ¦  ¦  ¦ 
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via:
make generate-plist - Dependency lines:
-
- easy-rsa>0:security/easy-rsa
- To install the port:
- cd /usr/ports/security/easy-rsa/ && make install clean
- To add the package, run one of these commands:
- pkg install security/easy-rsa
- pkg install easy-rsa
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.- PKGNAME: easy-rsa
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1739481666
SHA256 (EasyRSA-3.2.2.tgz) = 86c5a551566213dac83d402f2a08c897063ef3e12033cd331cb4903280283209
SIZE (EasyRSA-3.2.2.tgz) = 86324
Packages (timestamps in pop-ups are UTC):
- This port has no dependencies.
- This port is required by:
- for Run
-
- security/openvpn
- security/openvpn-devel
-
Deleted ports which required this port:
- * - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...
Configuration Options:- ===> The following configuration options are available for easy-rsa-3.2.2,1:
DOCS=on: Build and/or install documentation
EXAMPLES=on: Build and/or install examples
===> Use 'make config' to modify these settings
- Options name:
- security_easy-rsa
- USES:
- tar:tgz
- pkg-message:
-
NOTE: easyrsa will require you to initialize a PKI upon first use.
ONLY for the very first run for a new PKI, do something such as this,
assuming you will have its data in $HOME/my_new_pki:
easyrsa --pki-dir=$HOME/my_new_pki init-pki # DANGEROUS - DESTROYS ~/my_new_pki
See /usr/local/share/doc/easy-rsa/README.quickstart.md for further information.
An on-line help is available, you can run:
easyrsa help # for help on commands
easyrsa help options # for help on options
**** SECURITY WARNING FOR PAST security/easy-rsa versions ****
**** easyrsa may have encrypted your CA private key with a weak cipher
Per CVE-2024-13454, Easy-RSA 3.0.5 inclusively up to and including 3.1.7,
when used with OpenSSL 3, may have accidentally encrypted the CA private
key with a weak cipher, des-ede3-cbc, instead of the intended aes-256-cbc,
when a CA was created with the easyrsa build-ca command.
Such mistakes cannot be corrected by upgrading Easy-RSA alone.
The standing recommendation for CA private keys is to
re-encrypt the CA private keys with the aes-256-cbc cipher,
by using the easyrsa set-pass ca command.
For details, see https://community.openvpn.net/openvpn/wiki/CVE-2024-13454.
**** END SECURITY WARNING FOR PAST security/easy-rsa versions ****
- Master Sites:
|
As an Amazon Associate I earn from qualifying purchases.