easy-ca
when creating a root CA, get SAN error on key creation
When running create-root-ca -d $ROOT_CA_DIR, on a default Raspbian distro, from current HEAD (97d849664ada49a668589cbc99e14d5818c86a66), I get a config file error during RSA key generation. I don't have the full text of the error, but it's essentially a STR_COPY:variable has no value:conf_def:584:line 91, and line 91 of ca.conf is subjectAltName = $ENV::SAN. If I export an env var SAN="DNS.1=blah" etc, the key creation, and thus create-root-ca, succeeds.
I don't know if I missed something from the README, but if I have not, something should be added to it, or a default value etc provided so an initial run doesn't fail, or if it fails, it fails with some guidance to the user.
Yep that's definitely a bug. Creating a root CA should at least work with the default values.
The issue is caused by newer versions of OpenSSL which enforce subjectAltName in all certificates. I worked around by adding something like this in bin/create-root-ca:
...
source ${HOME}/bin/defaults.conf
export SAN=$CA_DOMAIN # set SAN to make new OpenSSL happy
...
Certainly some thought needs to be spent on a sane default for this.
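A pre-flight check of the kind the report asks for, as an added example that is not part of this thread or of easy-ca: it lists every `$ENV::NAME` or `${ENV::NAME}` reference in an OpenSSL config and reports the names missing from the exported environment, which generalizes beyond `SAN`. The function names, the `CA_NOTE` variable and the sample config are constructed for illustration; only the `subjectAltName = $ENV::SAN` line comes from the issue.

```shell
#!/bin/sh
# Added example (not easy-ca code): pre-flight check for an OpenSSL config
# that pulls values from the environment, e.g. "subjectAltName = $ENV::SAN".

# List every NAME referenced as $ENV::NAME or ${ENV::NAME} in config file $1,
# one per line, de-duplicated. Text after '#' is treated as a comment.
conf_env_refs() {
    sed -e 's/#.*$//' "$1" |
        grep -oE '\$\{?ENV::[A-Za-z_][A-Za-z0-9_]*' |
        sed -E 's/^\$\{?ENV:://' |
        sort -u
}

# Print the referenced names that are absent from the exported environment
# (the only variables an openssl child process would see).
# Returns 1 if any are missing, 0 otherwise.
conf_env_missing() (
    rc=0
    for name in $(conf_env_refs "$1"); do
        if ! awk -v n="$name" 'BEGIN { exit !(n in ENVIRON) }'; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample config: only the SAN line mirrors the ca.conf line
# quoted in the issue; every other line is hypothetical.
write_sample_conf() {
    cat > "$1" <<'EOF'
[ req ]
default_bits     = 2048          # comment mentioning $ENV::IGNORED_IN_COMMENT
default_md       = sha256
[ ext ]
subjectAltName   = $ENV::SAN
nsComment        = ${ENV::CA_NOTE}
EOF
}

sample_conf=$(mktemp)
write_sample_conf "$sample_conf"
unset SAN CA_NOTE
if ! missing=$(conf_env_missing "$sample_conf"); then
    echo "refusing to run openssl; export these first:" $missing >&2
fi
```

A wrapper script can call `conf_env_missing` on its config before invoking openssl and stop with the list of names, so the first run fails with guidance rather than with the STR_COPY error.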
@redredgroovy any chance of getting this or something similar merged?
@redredgroovy anything? @hakt0r any chance you could create a pull request to this repo from your fork? It looks like the pull request you created on Sep 21, 2017 is against your own fork
So I tried @hakt0r's fix, made a presumptive PR (sorry about that) and it still isn't working. I'm looking forward to a solution though, I really need this to work right now ;-) Thanks.
OK, now I have a PR that works, https://github.com/redredgroovy/easy-ca/pull/3. Sorry again @hakt0r but I gotta get it working.
I can confirm that #3 works for me