Download EasyRSA from https://github.com/OpenVPN/easy-rsa/releases
Generate new CA and signed server cert:
cp vars.example vars
# vi vars
#. . .
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "NewYork"
set_var EASYRSA_REQ_CITY "New York City"
set_var EASYRSA_REQ_ORG "DigitalOcean"
set_var EASYRSA_REQ_EMAIL "admin@example.com"
set_var EASYRSA_REQ_OU "Community"
#. . .
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
openvpn --genkey --secret ta.key
Generate new signed client cert:
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
Just to be on a safe side, we'll erase data in three different ways:
dd if=/dev/urandom of=/dev/nvmeX bs=1M status=progress
dd if=/dev/zero of=/dev/nvmeX bs=1M status=progress
blkdiscard -s /dev/nvmeX