easy-rsa
easy-rsa copied to clipboard
OpenVPN
easy-rsa - Simple shell based CA utility
Greetings, I am the packager of the Easy-RSA package for FreeBSD. In our post-install scripot, we install the .example files for openssl-easyrsa.cnf and vars into /usr/local/share/easy-rsa (= $DATADIR), and install...
Allow specifying `--enddate` CLI option to specify an explicit "Not After" validity for the client certificate.
Hello, a pull-request to add a 'publish' feature to easy-rsa. The rational is as follows: I use easy-rsa at two locations, lets call them SHARED and PRIVATE. SHARED is used...
Trying to upgrade to 3.0.9, but saw the `easyrsa init-pki` runtime failure: ``` ==> easyrsa init-pki * WARNING: Failed to install required data-files to PKI. (init) Easy-RSA error: init-pki failed...
The **_Classical_** way to use `easyrsa`, is to have all the necessary supporting data to be present in the current working directory. Necessary supporting data [NSD]: - **`easyrsa` script** file....
`default_server_san()` mistakes a `commonName` for an IP address when the CN "looks like" an IP address. **Example**: Input: ``` easyrsa build-server-full 1.2.3.4 nopass ``` Result: ``` Certificate: Data: Version: 3...
This is a proposal batch allowing to specify a custom CN using ``` export EASYRSA_REQ_CN="Some-openVPN-server" easyrsa --batch build-server-full server nopass ``` while keeping the filenames..
Alongside the subject-alt-name fix https://github.com/OpenVPN/easy-rsa/issues/126, chrome wants the CA certificate to be used as digitalSignature. ### How to replicate ##### Invalid CA 1. Generate a signed certificate. 1. Import in...
mktemp create a world readable file in /tmp to temporary save CA password. An attacker could either read this file during build-ca or retrieve it afterwards directly from disk blocks...
**`easyrsa` warns with the error: `Failed to install required data-files to PKI`** This is howto fix-it: - Copy `openssl-easyrsa.cnf` **file** to your PKI folder. - Copy `x509-types` **folder** to your...