Hello friends, I'm starting out in the world of VPN.
I have recently been following a tutorial on how to install OpenVPN on Debian Linux.
I have managed to install it using the command apt install openvpn,
but looking at the packages that are installed with this command I have noticed that "easyrsa" is installed along with it, and investigating where it went I find that it is installed in the directory: /usr/share/easy-rsa
Following "another tutorial", they say that you have to download EasyRSA from the project page.
I would like to know if said package is identical to the one downloaded from: https://github.com/OpenVPN/easy-rsa/rel ... -3.0.8.tgz
Somewhere I have read that to create a CA machine, it is better to do it on one that is offline. So I come to the conclusion that you should not use this package that installs itself in: /usr/share/easy-rsa.
Please excuse me if I'm wrong about anything. Thanks in advance.
CA Machine ~ Install OpenVPN
Moderators: TinCanTech
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CA Machine ~ Install OpenVPN
All the key files in your PKI, particularly the ca.key, are security sensitive private data.
When you build your PKI, or add new server or client keys, the ca.key is required.
Once you have a working PKI, it is recommended to store the ca.key behind an "air gapped" device.
- OpenVpn Newbie
- Posts: 6
- Joined: Sat Jan 29, 2022 5:51 pm
Re: CA Machine ~ Install OpenVPN
@TinCanTech thanks for the info.
TinCanTech wrote: ↑Sat Jan 29, 2022 10:48 pm
All the key files in your PKI, particularly the ca.key, are security sensitive private data.
When you build your PKI, or add new server or client keys, the ca.key is required.
Once you have a working PKI, it is recommended to store the ca.key behind an "air gapped" device.
It is important to better understand some concepts, and not just follow a few simple steps that are cited in the tutorials without going deeper into them.
We are advancing little by little.
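
As an added example (not from the thread or from the Easy-RSA project), here is a small shell check for the advice above: run on a networked host, it flags a ca.key still sitting in the PKI and any private key with loose permissions. It assumes Easy-RSA 3's default layout (pki/private/*.key) and GNU stat as shipped on Debian; the function name audit_pki and the sample files are hypothetical.

```shell
#!/bin/sh
# Added example: audit an Easy-RSA 3 PKI directory on a networked host.
# Assumptions: default layout <pki>/private/ca.key and <pki>/private/<name>.key,
# GNU stat (Debian). audit_pki and its messages are hypothetical names.

audit_pki() {
    pki=$1
    findings=0
    if [ ! -d "$pki/private" ]; then
        echo "ERROR: $pki/private not found" >&2
        return 2
    fi
    # The CA key is only needed when signing; afterwards it belongs offline.
    if [ -e "$pki/private/ca.key" ]; then
        echo "FINDING: ca.key present on this host: $pki/private/ca.key"
        findings=$((findings + 1))
    fi
    # Every private key should be readable by its owner only.
    for key in "$pki"/private/*.key; do
        [ -f "$key" ] || continue
        mode=$(stat -c '%a' "$key")
        case $mode in
            600|400) ;;
            *) echo "FINDING: $key has mode $mode (expected 600 or 400)"
               findings=$((findings + 1)) ;;
        esac
    done
    echo "findings: $findings"
    [ "$findings" -eq 0 ]   # exit status 0 only when the PKI is clean
}

# Constructed sample: a PKI left on an online server right after it was built.
demo=$(mktemp -d)
mkdir -p "$demo/pki/private"
: > "$demo/pki/private/ca.key";     chmod 600 "$demo/pki/private/ca.key"
: > "$demo/pki/private/server.key"; chmod 644 "$demo/pki/private/server.key"
audit_pki "$demo/pki" || true
rm -rf "$demo"
```

A clean result means only that the CA key is not on this host and the remaining keys are owner-only; it does not verify where the ca.key is actually stored.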