-
in this code
https://github.com/OpenVPN/easy-rsa/blob/d99bef68e11b0c31171d3d61f881fb94be2263a1/easyrsa3/easyrsa#L1701-L1703
A basicConstraints line is appended to the generation of the temporary ext…
-
With the unique_subject set to no, it is possible to add unlimited certs for a CN.
EasyRSA only maintains all info for the last issued cert for a CN. Earlier created certs for a CN are tracked by the…
-
THIS COMMENT HAS BEEN SUPERSEDED.
Help states:
https://github.com/OpenVPN/easy-rsa/blob/c8e93caafee00ad31a3f9e9f624f7e545e85ab2a/easyrsa3/easyrsa#L451
But `$EASYRSA_CRL_DAYS` is also set:
http…
-
In sign_req() at https://github.com/OpenVPN/easy-rsa/blob/917d0780451dcf926d00f5dcac66627bd81d680d/easyrsa3/easyrsa#L1778 the temporary file tmp_ext is removed.
This file should be kept for user debu…
-
Current:
```
$ more easyrsa3/x509-types/server
# X509 extensions for a server
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyU…
-
When testing PKI database on correctness, a couple of script errors occurred.
It has to do with missing mandatory file_name_base and missing CRL.
Solution would be:
- Check mandatory parameter. O…
-
When running `easyrsa` I am getting the following error message:
```
│ ./easyrsa: line 1276: unsest: not found
```
Looks like a bug was recently introduced here:
https://github.com/OpenVPN/easy…
-
While https://github.com/OpenVPN/easy-rsa/blob/5b4fd2b484adc6e2f506b62eb54fc38adc802766/easyrsa3/easyrsa#L1541 will check the x509-type exists, it does not check that it is not `COMMON`. If type is se…
-
### OS / Environment
Ubuntu 16.04.1 LTS
### Ansible version
ansible 2.2.0.0
### Version of components from `requirements.txt`
Name: boto
Version: 2.45.0
Name: dopy
Version: 0.3.5
Nam…
-
I set the _certificate_ and _private_key_ settings in _openssl-easyrsa.cnf_ to non-default values before calling ./easyrsa init-pki.
Still _./easyrsa build-ca_ created _ca.crt_ and _private/ca.key_…