search

OpenVPN / easy-rsa

easy-rsa - Simple shell based CA utility
Other
4.08k stars 1.2k forks source link

EasyRSA-3.2.1: easyrsa export-p12 with usefn is not working #1246

Closed zappee closed 1 month ago

zappee commented 1 month ago

I am using EasyRSA-3.1.7 and the following command works like a charm:

./easyrsa \
    --passin="pass:$EASYRSA_PASS" \
    --passout="pass:$EASYRSA_PASS" \
    export-p12 "$domain" usefn

After upgrade to EasyRSA-3.2.1 my scripts are failing with this error:

Unknown command option: 'usefn'

The easyrsa help export-p12 shows me the supported commands but usefn is not there. So I removed usefn from the end of my command but now applications are complaining about a wrong certificate:

tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead

Unfortunately I could not found any EasyRSA migration document or any info about this change. What is the alternative way to use the usefn with the latest release?

Thanks.

TinCanTech commented 1 month ago

@zappee The use of a freindly_name was changed between v3.1.x and v3.2.x.

https://github.com/OpenVPN/easy-rsa/commit/da9e59477f8c580143db1657ff5bea98c6ff4531

With v3.2.1 the freindly_name is always set as the fine_name_base. This can be changed with global option --usefn=$freindly_name, to use a different name. Or with command option nofn, to clear the freindly_name.

zappee commented 1 month ago

thanks!