GoCrack uses SSL client authentication for Worker and Server communication. If you do not have an internal CA that can generate certificates for server and client authentication, you may use EasyRSA.
Checkout the code via git
$ git clone https://github.com/OpenVPN/easy-rsa.git
$ cd easy-rsa
Configure EasyRSA. Inside the easyrsa3 folder is a vars.example that contains all the possible configuration directives for your CA and certificates. Use this as a starting point to create a vars file in the same directory.
Note: Unlike previous version of EasyRSA, you do NOT need to source this file. At a bare minimum your vars file should look like this
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "Virginia"
set_var EASYRSA_REQ_CITY "Alexandria"
set_var EASYRSA_REQ_ORG "Consulting"
set_var EASYRSA_REQ_EMAIL "enter.a.email.here@mydomain.com"
set_var EASYRSA_REQ_OU "GoCrack"
$ ./easyrsa init-pki
$ ./easyrsa build-ca # You'll want to enter a strong PEM passphrase as this is used to sign certificate requests. When asked for a name, you can use "GoCrack CA"
Note: EasyRSA will force you to set a password on certificates created. You will need to use OpenSSL to decrypt them as to not require a password every time the service starts up (not supported).
$ ./easyrsa build-server-full gocrack.server.local
You should generate a unique certificate for each GoCrack worker you start.
Note: EasyRSA will force you to set a password on certificates created. You will need to use OpenSSL to decrypt them as to not require a password every time the service starts up (not supported).
$ ./easyrsa build-server-full gocrack.worker1.local
To decrypt the encrypted private keys generated by EasyRSA, run this command from the pki/private directory; replacing the -in and -out with your file names.
$ openssl rsa -in gocrack.server.local.key -out gocrack.server.local.key.dec
You'll need to do this for all private keys used by GoCrack.