diff --git a/security/easy-rsa/Makefile b/security/easy-rsa/Makefile
index aa2c27d0dba7..8750cce8ee58 100644
--- a/security/easy-rsa/Makefile
+++ b/security/easy-rsa/Makefile
@@ -1,11 +1,10 @@
 # $FreeBSD$
 
 PORTNAME=	easy-rsa
-DISTVERSION=	3.0.5
-PORTREVISION=	1
+DISTVERSION=	3.0.6
 CATEGORIES=	security net-mgmt
 MASTER_SITES=	https://github.com/OpenVPN/easy-rsa/releases/download/v${DISTVERSION}/
-DISTNAME=	EasyRSA-nix-${DISTVERSION}
+DISTNAME=	EasyRSA-unix-v${DISTVERSION}
 
 # Eric F. Crist <ecrist@secure-computing.net> does not require my
 # approval for changes to this package. -- mandree@FreeBSD.org
@@ -19,12 +18,14 @@ CONFLICTS_INSTALL=easy-rsa2-*
 USES=		tar:tgz
 NO_BUILD=	yes
 
-WRKSRC=		${WRKDIR}/EasyRSA-${DISTVERSION}
+WRKSRC=		${WRKDIR}/EasyRSA-v${DISTVERSION}
+
+PATCH_STRIP=	-p2
 
 OPTIONS_DEFINE=		DOCS EXAMPLES
 
 PORTDATA=	x509-types/
-_pd_files=	ChangeLog README.quickstart.md
+_pd_files=	ChangeLog COPYING.md README.md README.quickstart.md
 _pd_dirs=	doc/
 PORTDOCS=	${_pd_files} ${_pd_dirs}
 
diff --git a/security/easy-rsa/distinfo b/security/easy-rsa/distinfo
index 97d5a9d7d81f..4a8269185a17 100644
--- a/security/easy-rsa/distinfo
+++ b/security/easy-rsa/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1537015455
-SHA256 (EasyRSA-nix-3.0.5.tgz) = 5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37
-SIZE (EasyRSA-nix-3.0.5.tgz) = 50270
+TIMESTAMP = 1553337199
+SHA256 (EasyRSA-unix-v3.0.6.tgz) = cb29aed2d27824e59dbaad547f11dcab380a53c9fe05681249e804af436f1396
+SIZE (EasyRSA-unix-v3.0.6.tgz) = 40840
diff --git a/security/easy-rsa/files/patch-37edb7d1d724571508b4c1c55c6d53f3f768adb3 b/security/easy-rsa/files/patch-37edb7d1d724571508b4c1c55c6d53f3f768adb3
new file mode 100644
index 000000000000..94cd605bebd8
--- /dev/null
+++ b/security/easy-rsa/files/patch-37edb7d1d724571508b4c1c55c6d53f3f768adb3
@@ -0,0 +1,24 @@
+From 37edb7d1d724571508b4c1c55c6d53f3f768adb3 Mon Sep 17 00:00:00 2001
+From: Eric F Crist <ecrist@secure-computing.net>
+Date: Mon, 4 Feb 2019 13:01:09 -0600
+Subject: [PATCH] Remove RANDFILE var from openssl-easyrsa.cnf
+
+This fixes #261.
+
+Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
+---
+ easyrsa3/openssl-easyrsa.cnf | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/easyrsa3/openssl-easyrsa.cnf b/easyrsa3/openssl-easyrsa.cnf
+index 1139414..22a1eda 100644
+--- a/easyrsa3/openssl-easyrsa.cnf
++++ b/easyrsa3/openssl-easyrsa.cnf
+@@ -1,6 +1,4 @@
+-# For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
+-
+-RANDFILE		= $ENV::EASYRSA_PKI/.rnd
++# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
+ 
+ ####################################################################
+ [ ca ]
diff --git a/security/easy-rsa/files/patch-4ce6e9c8e4b681c739b179a506a8ad1ca6d6ebe4 b/security/easy-rsa/files/patch-4ce6e9c8e4b681c739b179a506a8ad1ca6d6ebe4
new file mode 100644
index 000000000000..431d6492759d
--- /dev/null
+++ b/security/easy-rsa/files/patch-4ce6e9c8e4b681c739b179a506a8ad1ca6d6ebe4
@@ -0,0 +1,31 @@
+From 4ce6e9c8e4b681c739b179a506a8ad1ca6d6ebe4 Mon Sep 17 00:00:00 2001
+From: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>
+Date: Fri, 8 Feb 2019 00:11:08 +0100
+Subject: [PATCH] Fix typo
+
+---
+ easyrsa3/openssl-easyrsa.cnf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/easyrsa3/openssl-easyrsa.cnf b/easyrsa3/openssl-easyrsa.cnf
+index 22a1eda..2184d4c 100644
+--- a/easyrsa3/openssl-easyrsa.cnf
++++ b/easyrsa3/openssl-easyrsa.cnf
+@@ -19,7 +19,7 @@ crl		= $dir/crl.pem 		# The current CRL
+ private_key	= $dir/private/ca.key	# The private key
+ RANDFILE	= $dir/.rand		# private random number file
+ 
+-x509_extensions	= basic_exts		# The extentions to add to the cert
++x509_extensions	= basic_exts		# The extensions to add to the cert
+ 
+ # This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+ # is designed for will. In return, we get the Issuer attached to CRLs.
+@@ -57,7 +57,7 @@ default_bits		= $ENV::EASYRSA_KEY_SIZE
+ default_keyfile 	= privkey.pem
+ default_md		= $ENV::EASYRSA_DIGEST
+ distinguished_name	= $ENV::EASYRSA_DN
+-x509_extensions		= easyrsa_ca	# The extentions to add to the self signed cert
++x509_extensions		= easyrsa_ca	# The extensions to add to the self signed cert
+ 
+ # A placeholder to handle the $EXTRA_EXTS feature:
+ #%EXTRA_EXTS%	# Do NOT remove or change this line as $EXTRA_EXTS support requires it
diff --git a/security/easy-rsa/files/patch-easyrsa b/security/easy-rsa/files/patch-easyrsa
deleted file mode 100644
index 88970077412b..000000000000
--- a/security/easy-rsa/files/patch-easyrsa
+++ /dev/null
@@ -1,46 +0,0 @@
---- easyrsa~	2018-09-14 23:21:19.000000000 -0500
-+++ easyrsa	2018-09-15 10:21:49.241886000 -0500
-@@ -415,7 +415,6 @@
- 
- # init-pki backend:
- init_pki() {
--	vars_source_check
- 
- 	# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
- 	if [ -e "$EASYRSA_PKI" ]; then
-@@ -432,6 +431,11 @@
- 	for i in private reqs; do
- 		mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)"
- 	done
-+	
-+	if [ ! -f "$EASYRSA_PKI/openssl-easyrsa.cnf" -a -f "$EASYRSA/openssl-easyrsa.cnf" ];
-+	then
-+		cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_PKI/openssl-easyrsa.cnf"
-+	fi
- 
- 	notice "\
- init-pki complete; you may now create a CA or requests.
-@@ -1180,18 +1184,15 @@
- 	set_var EASYRSA_REQ_CN		ChangeMe
- 	set_var EASYRSA_DIGEST		sha256
- 
--	# Detect openssl config, preferring EASYRSA_PKI over EASYRSA
--	if [ -f "$EASYRSA_PKI/openssl-easyrsa.cnf" ]; then
--		set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
--		set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
--	else	set_var EASYRSA_SSL_CONF	"$EASYRSA/openssl-easyrsa.cnf"
--		set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
--	fi
-+	set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
-+	set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
- 
- 	# Same as above for the x509-types extensions dir
- 	if [ -d "$EASYRSA_PKI/x509-types" ]; then
- 		set_var EASYRSA_EXT_DIR		"$EASYRSA_PKI/x509-types"
--	else	set_var EASYRSA_EXT_DIR		"$EASYRSA/x509-types"
-+	else	
-+		#TODO: This should be removed.  Not really suitable for packaging.
-+		set_var EASYRSA_EXT_DIR		"$EASYRSA/x509-types"
- 	fi
- 
- 	# EASYRSA_ALGO_PARAMS must be set depending on selected algo
diff --git a/security/easy-rsa/files/patch-zgit-c5ff31e8 b/security/easy-rsa/files/patch-zgit-c5ff31e8
deleted file mode 100644
index b5dbcbb7c0bb..000000000000
--- a/security/easy-rsa/files/patch-zgit-c5ff31e8
+++ /dev/null
@@ -1,11 +0,0 @@
---- easyrsa
-+++ easyrsa
-@@ -546,7 +546,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
- 	if [ $sub_ca ]; then
- 		notice "\
- NOTE: Your sub-CA request is at $out_file
--and now must be sent to you parent CA for signing. Place your resulting cert
-+and now must be sent to your parent CA for signing. Place your resulting cert
- at $EASYRSA_PKI/ca.crt prior to signing operations.
- "
- 	else	notice "\