Comments (1)
TinCanTech
commented on July 18, 2024
From PR: #1150
Fixed example 1.0:
tct@home:/dev/shm/easyrsa$ EASYRSA_TOOLS_LIB=/home/tct/git/easy-rsa/tct-fork/master/dev/easyrsa-tools.lib EASYRSA_OPENSSL=/home/tct/libressl/libressl-3.8.2/apps/openssl/openssl easyrsa --verbose --nopass --san=DNS:www.example.org --san=IP:10.0.0.1 --keep-tmp=lssl build-client-full c04
# select_vars: PWD/vars
Using Easy-RSA 'vars' configuration:
* /dev/shm/easyrsa/vars
# source_vars: CLEAN '/dev/shm/easyrsa/vars'
# source_vars: sourced OK '/dev/shm/easyrsa/vars'
# mutual_exclusions: COMPLETED
# > EASYRSA_EXT_DIR: built-in
# > EASYRSA_SSL_CONF: /dev/shm/easyrsa/pki/openssl-easyrsa.cnf
# > EASYRSA_TOOLS_LIB: /home/tct/git/easy-rsa/tct-fork/master/dev/easyrsa-tools.lib
# locate_support_files: COMPLETED
# verify_ssl_lib():
Using SSL:
* /home/tct/libressl/libressl-3.8.2/apps/openssl/openssl LibreSSL 3.8.2
# verify_working_env: BEGIN
# secure_session: CREATED: /dev/shm/easyrsa/pki/956d84f3
# write_easyrsa_ssl_cnf_tmp: SSL config EXISTS
# write_easyrsa_ssl_cnf_tmp: SSL config IGNORED
# easyrsa_mktemp: ssl_cnf_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.0.1
# write_easyrsa_ssl_cnf_tmp: SSL config using temp-file
# verify_algo_params: Params verified for algo 'rsa'
# verify_working_env: COMPLETED Handover-to: build-client-full
# build_full: BEGIN gen_req
# easyrsa_mktemp: adjusted_ssl_cnf_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.1.1
# easyrsa_mktemp: key_out_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.2.1
# easyrsa_mktemp: req_out_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.3.1
# > easyrsa_openssl - BEGIN req
# escape_hazard: RUN-ONCE
# escape_hazard: REPLACED by heredoc expansion
# escape_hazard: ABANDONED
# expand_ssl_config: REQUIRED
# expand_ssl_config: RUN-ONCE
# easyrsa_mktemp: safe_ssl_cnf_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.4.1
# expand_ssl_config: via 'write' COMPLETED
# expand_ssl_config: EASYRSA_SSL_CONF = /dev/shm/easyrsa/pki/956d84f3/temp.4.1
# easyrsa_openssl: OPENSSL_CONF = /dev/shm/easyrsa/pki/956d84f3/temp.4.1
Note: OPENSSL_CONF = /dev/shm/easyrsa/pki/956d84f3/temp.4.1
Fixed example 1.1:
Generating a 2048 bit RSA private key
..........................................
.....................................
writing new private key to '/dev/shm/easyrsa/pki/956d84f3/temp.2.1'
-----
Notice
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /dev/shm/easyrsa/pki/reqs/c04.req
* key: /dev/shm/easyrsa/pki/private/c04.key
# build_full: END gen_req
# build_full: BEGIN sign_req
# > easyrsa_openssl - BEGIN req
# escape_hazard: RUN-ONCE
# escape_hazard: REPLACED by heredoc expansion
# escape_hazard: ABANDONED
# expand_ssl_config: BYPASSED
# easyrsa_openssl: OPENSSL_CONF = /dev/shm/easyrsa/pki/956d84f3/temp.4.1
# check_serial_unique: unique_serial=true
# easyrsa_mktemp: adjusted_ssl_cnf_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.5.1
# sign_req: Using 'copy_extensions = copy'
# sign_req: EASYRSA_SSL_CONF = /dev/shm/easyrsa/pki/956d84f3/temp.5.1
# easyrsa_mktemp: write_x509_file_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.6.1
# write_x509_type_tmp: client COMPLETE
# easyrsa_mktemp: write_x509_file_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.7.1
# write_x509_type_tmp: COMMON COMPLETE
# easyrsa_mktemp: ext_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.8.1
# sign_req: Generated extensions file OK
You are about to sign the following certificate:
Requested CN: 'c04'
Requested type: 'client'
Valid for: '825' days
subject=
commonName = c04
X509v3 Subject Alternative Name:
DNS:www.example.org, IP:10.0.0.1
Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
# easyrsa_mktemp: crt_out_tmp OK: /dev/shm/easyrsa/pki/956d84f3/temp.9.1
# > easyrsa_openssl - BEGIN ca
# escape_hazard: RUN-ONCE
# escape_hazard: REPLACED by heredoc expansion
# escape_hazard: ABANDONED
# expand_ssl_config: BYPASSED
# easyrsa_openssl: OPENSSL_CONF = /dev/shm/easyrsa/pki/956d84f3/temp.5.1
Using configuration from /dev/shm/easyrsa/pki/956d84f3/temp.5.1
Note: OPENSSL_CONF = /dev/shm/easyrsa/pki/956d84f3/temp.5.1
Fixed example 1.2:
Enter pass phrase for /dev/shm/easyrsa/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'c04'
Certificate is to be certified until Aug 31 18:50:51 2026 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
# sign_req: signed cert 'c04' OK
Notice
------
Certificate created at:
* /dev/shm/easyrsa/pki/issued/c04.crt
# build_full: END sign_req
Notice
------
Inline file created:
* /dev/shm/easyrsa/pki/inline/c04.inline
Temp session preserved: /dev/shm/easyrsa/pki/tmp/lssl
# Exit: Final Success = true
The correct OPENSSL_CONF file is used each time and verbose output confirms this.
from easy-rsa.
Related Issues (20)
- CA Private Key will be encrypted with des-ede3-cbc during build-ca with OpenSSL 3.x HOT 7
- Add self-signed certificates to status reports
- Typo in 'verify-cert' output HOT 1
- Fully integrate self-signed certificates
- Remove `OPENSSL_CONF=/dev/null`
- [SECURITY] Possible Code Injection Issue HOT 6
- Revert ca76697: Remove escape_hazard()
- Add CA certificate to expiry report `show-expire`
- Revert changes made for Windows 10/11 `mkdir -p` failure
- `dev/easyrsa-tools.lib` missing in release build HOT 1
- mandatory SAN HOT 16
- EasyRSA Behavior Change - 3.0.8 - 3.2.0 - EASYRSA_REQ_CN / --req-cn /--subject-alt-name HOT 18
- UT failure from `easyrsa-tools.lib` for command `show-expire`
- Importing the CA certificates for OpenVPN clients and internal domains. HOT 1
- Outline use and expansion of `openssl-easyrsa.cnf` HOT 1
- Windows 7: `gen-crl` always prompts for over-write
- `display_dn()`: Remove unnecessary subshell
- `sign-req`: `--cop-ext` is removed by `--force-safe-ssl`
- Command `write`: Allow to specify target file instead of directory
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easy-rsa.