Node.js public key infrastructure management library inspired by EasyRSA.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Node.js EasyRSA

npm version license build status dependencies status devDependencies status Codacy Badge Codacy Badge npm downloads

Node.js public key infrastructure management library inspired by EasyRSA.

  • Uses forge to manage cryptography
  • Provides ready-to-use templates to create your certificate authority: vpn, ssl or mdm.
  • Available both as a cli and a lib.
  • Provides easy-to-use templates for generic use cases (VPN, SSL, MDM)
  • Can easily be plugged to a database backend.


VPN Server setup

  • Command Line Interface
npm i -g easyrsa
easyrsa init-pki
easyrsa build-ca
easyrsa gen-req EntityName
easyrsa sign-req client EntityName
  • Node.js usage
import EasyRSA from 'easyrsa';

const easyrsa = new EasyRSA({pkiDir});

const pkiAttributes = {
  organizationalUnitName: '',
  organizationName: 'Foo',
  localityName: 'Paris',
  stateOrProvinceName: 'Ile-de-France',
  countryName: 'France'

// Build an OpenVPN infrastructure
  .then(() => {
    const commonName = `ca@${myHost}`;
    const attributes = {
    log.warn('Building new CA ...');
    return easyrsa.buildCA({commonName, attributes, serialNumberBytes: 9, privateKey: ca.privateKey})
      .then(({privateKey, cert}) => {'Built new CA with serialNumber="%s"', cert.serialNumber);
  .then(() => {
    const commonName = `server@${myHost}`;
    const attributes = {
      unstructuredName: 'OpenVPN Service'
    };'Generating new server certificate with commonName="%s" ...', commonName);
    return easyrsa.createServer({commonName, attributes, privateKey: vpn.privateKey})
      .then(({privateKey, csr, cert, serial, index}) => {'Built new certificate for commonName="%s" with serialNumber="%s"', commonName, cert.serialNumber);
  .then(() => {
  	const commonName = 'client@${myHost}'
	const {pkiAttributes} = this.config;
    const attributes = {
      unstructuredName: 'My first Client'
    };'Generating new %s client for commonName="%s" ...', type, commonName);
    return easyrsa.createClient({commonName, attributes, privateKey})
      .then(({csr, cert, serial, index}) => {'Built new client certificate with commonName="%s" with serialNumber="%s"', commonName, cert.serialNumber);


  • You can quickly start hacking around
git clone -o github
cd node-easyrsa
npm i
npm start