
sign-req should not output text form of certificate

Open bagasme opened this issue 3 years ago • 3 comments

Certificates signed with easy-rsa should not output the text form, as in many other PKI systems (e.g. Let's Encrypt). That is, only the binary representation (the part between BEGIN CERTIFICATE and END CERTIFICATE) should be in the certificate, by passing the -notext option to openssl ca.

bagasme avatar Aug 02 '22 08:08 bagasme

This has been discussed before: #440

The following points are crucial:

  • EasyRSA uses the default output settings from OpenSSL.
  • The human readable data included is chosen by OpenSSL not EasyRSA.
  • The human readable data included in the certificate is the public key data.

There are two possible outcomes:

  • An easyrsa option no-text is added to sign-req. This would then output only the binary portion of the certificate.

  • No change to easyrsa. The user can remove the text portion manually.

The text portion of the certificate can be easily accessed by anybody with a copy of the certificate file by simply passing it to openssl:

  • openssl x509 -in certificate.crt -noout -text

Therefore, at this time, adding a no-text option to easyrsa has not been implemented.

The only questions which remain are:

  • What are you trying to hide?
  • Who are you trying to hide that from?

TinCanTech avatar Aug 02 '22 12:08 TinCanTech

@TinCanTech I think we can go with the first option (adding no-text option).

bagasme avatar Aug 03 '22 07:08 bagasme

You could run openssl x509 -in <path_to>/<certificate>.crt -out <new_path_to>/<certificate>.crt; this will remove the text. I WANT the plain text output in those issued certs in the pki directory.

It seems like an easy (and natural) thing to just copy the certs as they exist (pem encoded) in the pki as most software supports that format. However I suggest this raw copy isn't ideal, it should be an export operation. As easyrsa has no export-pem (or export-der) option, the command line listed above suffices (and I'd still probably use my own scripts as I use subCAs and also private keys for leaf certs are not available to the CA/subCAs).

dekeonus avatar Aug 07 '22 23:08 dekeonus
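The strip-and-export step described in the two comments above (the openssl x509 -in ... -out ... command, and the suggestion that copying from the pki directory should really be an export operation), as an added example that is not part of this thread or of the easy-rsa project. It is a POSIX sh script using only awk and grep, so it runs without openssl; the certificate it works on is a constructed sample whose base64 body is placeholder data, not a real certificate. The function names (strip_cert_text, count_nonpem_lines, export_cert) are this example's own.

```shell
#!/bin/sh
# Added example (not easy-rsa code): strip the human-readable text dump that
# `openssl ca` prepends to an issued certificate, keep only the PEM block, and
# check that nothing else leaked into the exported file.

# Constructed sample resembling an easy-rsa issued cert: the text dump followed
# by the PEM block. The base64 body is a placeholder, not a real certificate.
SAMPLE_CERT='Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4660 (0x1234)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Example CA
        Subject: CN=client1
-----BEGIN CERTIFICATE-----
MIIBexampleplaceholderbase64data
-----END CERTIFICATE-----
'

# strip_cert_text FILE: print only the PEM block(s) from FILE. This has the
# same effect as `openssl x509 -in FILE -out OUT` but needs no openssl.
strip_cert_text() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { keep = 1 }
         keep { print }
         /^-----END CERTIFICATE-----$/ { keep = 0 }' "$1"
}

# count_nonpem_lines FILE: number of non-empty lines outside any PEM block.
# 0 means the file holds nothing but the certificate itself.
count_nonpem_lines() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { inpem = 1 }
         !inpem && NF { n++ }
         /^-----END CERTIFICATE-----$/ { inpem = 0 }
         END { print n + 0 }' "$1"
}

# export_cert SRC DST: write the stripped certificate to DST, failing if the
# PEM block is missing or any text dump survived. Treat this as the export
# step rather than copying SRC out of the pki directory as-is.
export_cert() {
    strip_cert_text "$1" > "$2" || return 1
    grep -q '^-----BEGIN CERTIFICATE-----$' "$2" \
        || { echo "no PEM block found in $1" >&2; return 1; }
    [ "$(count_nonpem_lines "$2")" -eq 0 ] \
        || { echo "text dump leaked into $2" >&2; return 1; }
}

# Demo run. Note that stripping hides nothing: anyone holding the exported
# file can regenerate the dump with `openssl x509 -in DST -noout -text`.
demo() {
    tmpdir=$(mktemp -d) || return 1
    printf '%s' "$SAMPLE_CERT" > "$tmpdir/issued.crt"
    echo "text lines before export: $(count_nonpem_lines "$tmpdir/issued.crt")"
    export_cert "$tmpdir/issued.crt" "$tmpdir/client1.pem"
    echo "text lines after export:  $(count_nonpem_lines "$tmpdir/client1.pem")"
    cat "$tmpdir/client1.pem"
    rm -rf "$tmpdir"
}
demo
```

The awk filter keeps every line from a BEGIN CERTIFICATE marker through its matching END CERTIFICATE marker, so a file containing several PEM blocks (a chain) is handled too; the leak check afterwards is what makes this safe to use in an export script rather than trusting the filter blindly.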

A certificate is a public key.

Anybody who wishes to strip the text out of their certificate file can do so manually.

TinCanTech avatar Aug 22 '22 11:08 TinCanTech

#129

TinCanTech avatar Oct 22 '22 17:10 TinCanTech