Comments (5)
I have at moment next uncommented strings:
`it@datasrv:~/easyrsa$ grep -v "^#" easyrsa3/vars
set_var EASYRSA_PKI "$PWD/pki"
set_var EASYRSA_DN "org"
set_var EASYRSA_REQ_COUNTRY ""
set_var EASYRSA_REQ_PROVINCE ""
set_var EASYRSA_REQ_CITY ""
set_var EASYRSA_REQ_ORG ""
set_var EASYRSA_REQ_EMAIL ""
set_var EASYRSA_REQ_OU ""
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CA_EXPIRE 3650
set_var EASYRSA_CERT_EXPIRE 1080
set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp"
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha256"`
Maybe I'm wrong in my reasoning, but - I apologize for the following words, but this is not logical. The parameter you specified works by default. and to guess about such a connection - you need to know this and understand the script itself. This is difficult without diving into the topic.
Once again I apologize.
from easy-rsa.
Which version of EasyRSA are you using ?
Where have you uncommented the value of set_var EASYRSA_SSL_CONF openssl-easyrsa.cnf
? Do you mean that you edited the vars
file ?
Got it, you did edit the vars
file.
Ok, I think I understand the problem:
EASYRSA_PKI
expands to an empty string in thevars
file, unless you also uncomment#set_var EASYRSA_PKI "$PWD/pki"
in thevars
file.
Please try uncommenting #set_var EASYRSA_PKI "$PWD/pki"
in the vars
file and try again.
from easy-rsa.
@GLADtr There is no need to apologize, this issue is valid.
And yes, there is a basic logical flaw having certain variables in vars
.
I have been phasing out the variables from vars
which cause this problem .. but I have to try to maintain backward compatibility for the most part.
In this specific issue, you have selected to define the openssl-easyrsa.cnf
file. This is now considered to be an advanced configuration and, once again yes, you have found an issue with the way vars
is currently expected to work. This way is not my design.
from easy-rsa.
With current v3.2
, you would not use the vars
file to set easyrsa-openssl.cnf
. Instead, you would make your changes to pki/openssl-easyrsa.cnf
and the script would use your file, in this PKI.
To specify a different PKI, from default pki/
, you would use command line option --pki=<YOUR_PKI>
. This approach also fixes this issue because EASYRSA_PKI
is defined on the command line, not the vars
file.
Also, current v32x
built-in vars.example
file does not have the setting for EASYRSA_SSL_CONF
. This is how I have decided to stage this change. I may also change the distribution vars.example
file before v3.2.0
release (Undecided).
from easy-rsa.
EasyRSA v317
was intentionally made to conform to traditional v31x
methodology, broken or not.
EasyRSA v32x
is being intentionally developed to replace the old methodologies , specifically to remove inconsistencies like this issue.
Which is why this issue is valid, and @GLADtr thank you for reporting it.
from easy-rsa.
Related Issues (20)
- openssl execution fails when --enddate is used HOT 7
- `gen-crl` should use `-crldays` not `-days` HOT 1
- Command `write` is not compatible with `--verbose` mode HOT 1
- Command `write` syntax details
- `build-ca`, password cannot use `$` character HOT 9
- `sign-req`: Cert. `$serial` number is only 32bit
- Abandon `escape_hazard()` - Replace with heredoc expansion HOT 1
- LibreSSL: Command `x509`, does not support option `-ext`
- Input/output error: Cannot create openssl-easyrsa.cnf HOT 11
- Windows 10 plus no longer correctly supports `mkdir -p` HOT 7
- EasyRSA on Windows 11 with `mksh` hangs HOT 3
- Easy-RSA hangs on Windows 11
- vars file not found HOT 3
- Windows Users of Easy-RSA
- Make `vars` stackable
- Incorrect SAN entries presented on signing confirmation HOT 2
- sign-req not honoring --req-c, --req-st, --req-city, ... and falling back to CSR values HOT 5
- Ending support for certificate `file_name_base` disconnect from `commonName`
- section [ easyrsa_ca ] in openssl-easyrsa.cnf is ignored HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easy-rsa.