cannot fully automate with --batch option #73
Comments
This is a bug, and it isn't at the same time. Your procedure above makes no modifications to the common name environment variable. The error you're seeing is due to both the server CN being set to ChangeMe along with the client1 certificate CN being the same. Obviously, the program should provide an option to define CN and the --batch option should handle this gracefully.
yes, modify client and server with unique CN works
mkdir $HOME/clientside
mkdir $HOME/serverside
Found at least how to use options in batch mode:
There are many parameters for batch mode, including: Certificate & Request options: (these impact cert/req field values)
--days=# : sets the signing validity to the specified number of days
--digest=ALG : digest to use in the requests & certificates
--dn-mode=MODE : DN mode to use (cn_only or org)
--keysize=# : size in bits of keypair to generate
--req-cn=NAME : default CN to use
--subca-len=# : path length of signed sub-CA certs; must be >= 0 if used
--subject-alt-name : Add a subjectAltName. For more info and syntax, see:
./easyrsa help altname
--use-algo=ALG : crypto alg to use: choose rsa (default) or ec
--curve=NAME : for elliptic curve, sets the named curve to use
Organizational DN options: (only used with the 'org' DN mode)
(values may be blank for org DN options)
--req-c=CC : country code (2-letters)
--req-st=NAME : State/Province
--req-city=NAME : City/Locality
--req-org=NAME : Organization
--req-email=NAME : Email addresses
--req-ou=NAME : Organizational Unit
Hi everyone. I hope this will help solve this issue. I'm using Docker as a mechanism to get a perfectly reproducible environment to isolate this bug. Within a fresh Docker container running Bash on Ubuntu,
Output I see:
I expect to see
Please try again with current
This appears to be resolved:
The two reqs:
cannot fully automate with --batch option, and cannot enter passphrase from file or inline
The following gives an Error
mkdir $HOME/clientside
cd $HOME/clientside
git clone git://github.com/OpenVPN/easy-rsa
cd easy-rsa/easyrsa3
./easyrsa init-pki
./easyrsa --batch gen-req client1 nopass
mkdir $HOME/serverside
cd $HOME/serverside
git clone git://github.com/OpenVPN/easy-rsa
cd easy-rsa/easyrsa3
./easyrsa init-pki
./easyrsa --batch build-ca nopass
./easyrsa --batch gen-req server nopass
./easyrsa --batch sign-req server server
./easyrsa --batch import-req $HOME/clientside/easy-rsa/easyrsa3/pki/reqs/client1.req client1
./easyrsa --batch sign-req client client1
ERROR
$ ./easyrsa --batch sign-req client client1
Using configuration from ....serverside/easy-rsa/easyrsa3/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'ChangeMe'
.....
failed to update database
TXT_DB error number 2
Easy-RSA error:
signing failed (openssl output above may have more detail)
Workaround: don't batch the following line
./easyrsa gen-req server nopass
*** manually press return ***
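The "TXT_DB error number 2" in the report above is OpenSSL refusing to add a second valid entry with the same subject to the CA database, which is what the first comment describes (server and client1 both carrying CN ChangeMe). The following pre-flight check is an added example, not code from this thread or from the Easy-RSA project; it scans an index.txt for a valid entry with the subject about to be signed. The function names and the sample database rows are constructed for illustration, and it assumes OpenSSL's default of unique subjects.

```shell
#!/bin/sh
# Pre-flight check before `easyrsa --batch sign-req`: does the CA database
# already hold a valid certificate with the subject we are about to sign?
# OpenSSL's index.txt is tab-separated:
#   status  expiry  revocation-date  serial  filename  subject
# status is V (valid), R (revoked) or E (expired). Only V rows take part in
# the unique-subject check that produces "TXT_DB error number 2".

# subject_in_use INDEX_FILE SUBJECT   (hypothetical helper name)
# Prints the serial of each valid entry with that subject; returns 0 if any
# exists (signing would collide), 1 otherwise.
subject_in_use() {
    awk -F '\t' -v want="$2" '
        $1 == "V" && $6 == want { print $4; hit = 1 }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Constructed sample database: the server certificate was issued from a
# batch-mode request that kept the default CN, as in the report above.
make_sample_index() {
    printf 'V\t270101000000Z\t\t01\tunknown\t/CN=ChangeMe\n' > "$1"
    printf 'R\t270101000000Z\t240101000000Z\t02\tunknown\t/CN=old-client\n' >> "$1"
}

demo() {
    idx=$(mktemp) || return 1
    make_sample_index "$idx"
    for subj in /CN=ChangeMe /CN=client1 /CN=old-client; do
        if serial=$(subject_in_use "$idx" "$subj"); then
            echo "$subj: collides with valid serial $serial"
        else
            echo "$subj: free to sign"
        fi
    done
    rm -f "$idx"
}

demo
```

In a real Easy-RSA 3 tree the file to check is pki/index.txt on the CA side; giving each request its own name with the `--req-cn=NAME` option listed in the comments avoids the collision in the first place.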