An easy way to use the official EasyRSA collection of shell scripts in your application

Fund package maintenance!

1.0.1 2020-07-29 04:48 UTC

This package is auto-updated.

Last update: 2022-06-29 01:57:05 UTC


Latest Stable Version Total Downloads Build Status Code Coverage Code Climate Scrutinizer Code Quality License

EasyRSA wrapper for PHP

An easy way to use the official EasyRSA collection of shell scripts in your application.

composer require evilfreelancer/easyrsa-php

By the way, EasyRSA library support Laravel and Lumen frameworks, details here.

How to use

More examples you can find here.

Download the latest release of EasyRSA

Before you start use this script need to download the easy-rsa package.

require_once __DIR__ . '/../vendor/autoload.php';

use EasyRSA\Downloader;

$dnl = new Downloader([
    'archive' => './easy-rsa.tar.gz',
    'scripts' => './easy-rsa',


Result of this script will be in easy-rsa folder.

Generate certificates

require_once __DIR__ . '/../vendor/autoload.php';

use Dotenv\Dotenv;
use EasyRSA\Commands;

// Load dotenv?
if (file_exists(__DIR__ . '/../vars.example')) {
    Dotenv::createImmutable(__DIR__ . '/../', 'vars.example')->load();

$cmd = new Commands([
    'scripts' => './easy-rsa',
    'certs'   => './easy-rsa-certs',

$cmd->buildServerFull('server', true);
$cmd->buildClientFull('client1', true);
$cmd->buildClientFull('client2', true);

Result of this script will be in easy-rsa-certs folder.

List of all available commands

Method Description
getContent(string $filename) Show content of any certificate available in "certs" folder
initPKI() Instantiate Public Key Infrastructure (PKI)
buildCA(bool $nopass = false) Build Certificate Authority (CA)
genDH() Generate Diffie-Hellman certificate (DH)
genReq() Generate request for certificate
signReqClient(string $filename) Sign request for client certificate
signReqServer(string $filename) Sign request for server certificate
buildClientFull(string $name, bool $nopass = false) Build public and private key of client
buildServerFull(string $name, bool $nopass = false) Build public and private key of server
revoke(string $filename) Revoke certificate
genCRL() Generate Certificate Revocation List (CRL)
updateDB() Update certificates database
showCert(string $filename) Display information about certificate
showReq(string $filename) Display information about request
importReq(string $filename) Import request
exportP7(string $filename) Export file in format of Public-Key Cryptography Standards (PKCS) v7 (P7)
exportP12(string $filename) Export file in format of Public-Key Cryptography Standards (PKCS) v12 (P12)
setRSAPass(string $filename) Set password in Rivest–Shamir–Adleman (RSA) format
setECPass(string $filename) Set password in Elliptic Curve (EC) format

You also can read content of generated certificate via getConfig($filename) method:

require_once __DIR__ . '/../vendor/autoload.php';

use \EasyRSA\Commands;

$cmd = new Commands([
    'scripts' => './easy-rsa',
    'certs'   => './easy-rsa-certs',

$file = $cmd->getContent('ca.crt');
echo "$file\n";

$file = $cmd->getContent('server.crt');
echo "$file\n";

$file = $cmd->getContent('server.key');
echo "$file\n";

Environment variables

You can set these variables via environment on host system or with help of vlucas/phpdotenv library or via any other way which you like.

EASYRSA_REQ_CITY="San Francisco"
EASYRSA_REQ_ORG="Copyleft Certificate Co"
EASYRSA_REQ_OU="My Organizational Unit"

Example of environment variables configuration which should be used on certificate build stage can be fond here.

Frameworks support


The package's service provider will automatically register its service provider.

Publish the easy-rsa.php configuration file:

php artisan vendor:publish --provider="EasyRSA\Laravel\ServiceProvider"

Alternative configuration method via .env file

After you publish the configuration file as suggested above, you may configure library by adding the following to your application's .env file (with appropriate values):



If you work with Lumen, please register the service provider and configuration in bootstrap/app.php:


Manually copy the configuration file to your application.


This library can tested in multiple different ways

composer test:lint
composer test:types
composer test:unit

or just in one command

composer test