TinCanTech

Linking: #1087 #1089

Superseded-by: #1111 Contribution attributed.

No matter how you renew a CA, this still requires that the client update their certificates. However, all of the updates required here are public data and can be shared...

The idea of keeping CSR's is good but I think this may be better as (yet another) option: - eg: `easyrsa init-pki rebuild-pki` This is intended for use by a...

Which version of EasyRSA are you using ? ~Where have you `uncommented the value of set_var EASYRSA_SSL_CONF openssl-easyrsa.cnf` ? Do you mean that you edited the `vars` file ?~ Got...

@GLADtr There is no need to apologize, this issue is valid. And yes, there is a **basic logical flaw** having certain variables in `vars`. I have been phasing out the...

With current `v3.2`, you would **not** use the `vars` file to set `easyrsa-openssl.cnf`. Instead, you would make your changes to `pki/openssl-easyrsa.cnf` and the script would use your file, in this...

EasyRSA `v317` was intentionally made to conform to traditional `v31x` methodology, broken or not. EasyRSA `v32x` is being intentionally developed to replace the old methodologies , specifically to remove inconsistencies...

If this PR is merged then the following are required: - SAN must be completely separated from _Extra extensions_... - `gen-req` requires support for `--san`: Use OpenSSL command `req -addext`...

**I must make this point clear**: `easyrsa` is causing more headaches from OLD code than OpenSSL. The last commit f6a6e75ec95f7db4fa9ccc5aba7ff68f5fcd4d18 was to remove default SAN. I stand by this decision...