OpenVPN / easy-rsa

easy-rsa - Simple shell based CA utility

easy-rsa Upgrade on Ubuntu 22.04 LTS from APT Package #1204

Closed khatfull closed 1 month ago

khatfull commented 1 month ago

Greetings.

I had submitted an issue a bit ago about upgrading easy-rsa. 1) this is an inherited installation and 2) I'm not an easy-rsa expert by any stretch of the imagination, yet, here I am having to deal with it and I did a little more digging.

Server cert expires in a couple of months. The server has the apt-installed version from the 22.04 LTS repos, v 3.0.8. There is not an upgrade in the repositories, something I'm really surprised at. I'm really unsure of an upgrade path given there's no apt package to upgrade to and likely any instructions I'd find here or elsewhere for an upgrade won't take this into account. The server runs on an AWS EC2 instance.

I see three different scenarios:

1) Find actual instructions to renew the server cert under 3.0.8 and continue on, the server cert is my only current issue. I have been unsuccessful in finding anything.
2) Find some instructions to upgrade easy-rsa that take the apt package install into account.
3) Fire another EC2 instance and stand up a new server, installing easy-rsa without using the apt package, which seems to be what all the available guides and information pertain to. Migrating users to the new instance can be done. It wouldn't be hard, just tedious, and a bit of a pain, but manageable.

So would I be better off with number 3 long term? Avoiding the apt package for which there may or may not be an upgrade in the repos? I would like to be on a more current version of easy-rsa as well for some of the enhancements. Would this make future upgrades to easy-rsa easier and safer in the future?

I'm looking for some guidance from the folks who know this best. Anything would be greatly appreciated.

Thank you.

TinCanTech commented 1 month ago

Simply use Easy-RSA version 3.1.7 from the releases page. 3.1.7 is an LTS release.

Unpack the zip file into your folder of choice, copy your existing PKI to the pki sub-folder and run ./easyrsa from there.
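
The copy step described in the reply above, as an added example that is not part of the original thread or of the Easy-RSA project: it stages the existing PKI into the unpacked release without touching the original, so the old tree remains as a rollback. The function name `stage_pki` and both paths are assumptions supplied by the caller; the file names checked (`ca.crt`, `private/ca.key`, `index.txt`) follow the standard Easy-RSA 3 PKI layout.

```shell
#!/bin/sh
# Added example: stage an existing Easy-RSA PKI into a freshly unpacked release.
# Usage: stage_pki OLD_PKI NEW_EASYRSA_DIR   (hypothetical helper, caller's paths)
stage_pki() {
    old_pki=$1
    new_dir=$2

    # The unpacked release must contain the easyrsa script itself.
    [ -f "$new_dir/easyrsa" ] || { echo "no easyrsa script in $new_dir" >&2; return 1; }

    # A usable CA needs its certificate, its key and the issuance database.
    for f in ca.crt private/ca.key index.txt; do
        [ -f "$old_pki/$f" ] || { echo "missing $old_pki/$f" >&2; return 1; }
    done

    # Never merge into or overwrite a PKI that is already in place.
    [ ! -e "$new_dir/pki" ] || { echo "$new_dir/pki already exists" >&2; return 1; }

    # Copy with modes and timestamps preserved; the old tree is left untouched.
    cp -Rp "$old_pki" "$new_dir/pki" || return 1

    # Private keys must be readable by the owner only.
    chmod 700 "$new_dir/pki/private" || return 1
    find "$new_dir/pki/private" -type f -exec chmod 600 {} + || return 1

    # Confirm the copy is byte-identical before relying on it.
    diff -r "$old_pki" "$new_dir/pki" >/dev/null || { echo "copy differs" >&2; return 1; }
}

# Constructed demo: run this file with --demo to stage a dummy tree in a temp dir.
if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp -d)
    mkdir -p "$t/old/private" "$t/new"
    : > "$t/new/easyrsa"
    for f in ca.crt private/ca.key index.txt; do echo dummy > "$t/old/$f"; done
    stage_pki "$t/old" "$t/new" && echo "staged into $t/new/pki"
fi
```

After a successful run, `./easyrsa` is run from the new directory as the reply describes.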