-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In gen-req --batch option generates request with "subject=CN = ChangeMe" #456
Milestone
Comments
Do you mean this ?
|
Yes, exactly |
You can work around that with something like: declare -a certnames
certnames=( 'cert1' 'cert2' 'cert3 )
for certname in ${certnames[@]}; do
./easyrsa --batch --req-cn=${certname} gen-req ${certname} nopass
./easyrsa --batch --req-cn=${certname} sign-req client ${certname} nopass
done Also +1 for the easyrsa gen-req CertName nopass batch version of the command. I had no idea it of it's existence. |
This is a bug for sure. We'll try to address this in v3.0.9. |
This comment is completely wrong:
This is what actually happens:
This is another case of abusing |
This was referenced Apr 2, 2022
TinCanTech
added a commit
to TinCanTech/easy-rsa
that referenced
this issue
Sep 8, 2022
Due to my previous misunderstanding of the intended use of --req-cn, it is no longer possible to set commonName for command gen-req. Ref: OpenVPN#524 OpenVPN#456 This commit restores v30x series behavior: * --req-cn can only be used in batch mode. * --req-cn can only be used by commands build-ca and gen-req. * SSL layer prompts are restored to original behavior. Important: The use of internal batch mode is no longer required for command sign_req(), when called by build_full(). This code has been disabled but remains in place. This is a considerable change under the hood but there is no user observable difference. Also, minor improvements to help and EasyRSA-Advanced.md Tested manually and thoroughly. Closes: OpenVPN#668 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To reproduce:
easyrsa --batch gen-req CertName nopass
and look at it:
openssl req -in CertName.req -noout -subject
But
easyrsa gen-req CertName nopass batch
works fine
The text was updated successfully, but these errors were encountered: