search

simonwep / openvpn-pihole

🕵️ A truly delicious combination of two wonderful pieces of software to setup a pi.hole-backed VPN as quick as possible.
MIT License
70 stars 22 forks source link

CN=ChangeMe in the certificate #6

Closed TheNighthawk99 closed 1 year ago

TheNighthawk99 commented 2 years ago

Hello Simon, first of all, many thanks for your effort in building this really good app. I installed some days ago and now I would like to set specific rules based on clients' names. I know that for this purpose I need to have configured the CN field.

What I observed is this: 1) when I create a client profile, it looks like the CN is correctly setup. The following is the output for a test.ovpn:

Generate client certificate...
With password...
Using SSL: openssl OpenSSL 1.1.1  11 Sep 2018
Generating a RSA private key
.......................++++
......................................++++
writing new private key to '/opt/app/easy-rsa/pki/easy-rsa-354.tMEzz9/tmp.tOcYz7'
-----
./easyrsa: 341: set: Illegal option -o echo
Using SSL: openssl OpenSSL 1.1.1  11 Sep 2018
Using configuration from /opt/app/easy-rsa/pki/easy-rsa-377.hkgN63/tmp.5BTZuW
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'test'
Certificate is to be certified until Jul 24 07:58:41 2024 GMT (825 days)

Write out database with 1 new entries
Data Base Updated
./easyrsa: 341: set: Illegal option -o echo
Sync pki directory...
Generate .ovpn file...
OpenVPN Client configuration successfully generated!
Checkout openvpn/clients/test.ovpn

2) The problem: when I inquiry the created certificate I get this:

[username@hostname  clients]$ openssl x509 -subject -noout -in test.ovpn 
subject= /CN=ChangeMe

CN is the default "ChangeMe".

I don't have many skills on the matter, so I don't know how to fix this issue.

Could you help me please in funding a solution? Thank you. Bye.

simonwep commented 2 years ago

Hey @TheNighthawk99! Sorry for coming back to you that late, you can take a look at this which states:

During the creation process, you will also select a name for the CA called the Common Name (CN.) This name is purely for display purposes and can be set as you like.

Since in my case it didn't matter I left it to just "ChangeMe"...

simonwep commented 1 year ago

I just checked again, you can change that in openvpn/config/easy-rsa.vars if you want :)