Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 28 million developers.Sign up
- Fix #17 & #58: use AES256 for CA key
- Also, don't use read -s, use stty -echo
- Fix broken "nopass" option
- Add -r to read to stop errors reported by shellcheck (and to behave)
- remove overzealous quotes around $pkcs_opts (more SC errors)
- Support for LibreSSL (now works on latest version of MacOS)
- EasyRSA version will be reported in certificate comments
- Client certificates now expire in 3 year (1080 days) by default
Minor update that includes the mktemp Windows binary.
Add missing Windows binaries and publish release.
This release addresses some packaging and documentation issues. With 3.0.0, the binaries needed to run EasyRSA on Windows were missing. Additionally, the documentation was released in a format that wasn't easily readable on that platform (markdown).
Please find updated Unix and Windows packages attached. There are NO functionality changes in this release.
This is the official Easy-RSA 3.0 release. The changes between rc2 and this release are relatively minor. The notable changes are:
- -utf8 is now the default. This shouldn't break ASCII but will now support international character strings.
- The private keys are now encrypted with aes256 by default, replacing the former default, 3des
rc2 is the second pre-release in the 3.0 series. A number of fixes have been made; see the ChangeLog for full detials.
Open issues preventing a production-ready release are noted in the
Notable fixes since 3.0.0-rc1 include:
- Fixed support for OpenSSL 0.9.8
- PKCS#7 support
- Support to change private key passphrases
- Other assorted fixes and doc updates
This is the first release in the 3.x series. This "rc1" release is a release candidate; provided there are no notable issues to be fixed, this release is slated to become the official 3.0.0 release. If changes are deemed necessary they will be made, possibly with further rc-releases.
The following Feature Highlights are taken from the EasyRSA-Readme document:
- Easy-RSA is able to manage multiple PKIs, each with their own independent
configuration, storage directory, and X.509 extension handling.
- Multiple Subject Name (X.509 DN field) formatting options are supported. For
VPNs, this means a cleaner commonName only setup can be used.
- A single backend is used across all supported platforms, ensuring that no
platform is 'left out' of the rich features. Unix-alikes (BSD, Linux, etc)
and Windows are all supported.
- Easy-RSA's X.509 support includes CRL, CDP, keyUsage/eKu attributes, and
additional features. The included support can be changed or extended as an
- Interactive and automated (batch) modes of operation
- Flexible configuration: features can be enabled through command-line
options, environment variables, a config file, or a combination of these.
- Built-in defaults allow Easy-RSA to be used without first editing a config
Repackage with a minor CA commit. NOTE: 2.2.1 was released as empty zip files. No use with that!
*** The 2.2.2 original windows builds have been removed as they were missing the openssl configuration files. A new 2.2.2-1 windows build has been published below. ***
This is primarily a maintenance release in preparation of a 2.x branch and the introduction of a 3.x codebase. In addition, there are now two distinct release files, one bundles for Windows and the other bundled for *nix OSes.
- Change key size from 1024 to 2048 bits
- code styling changes (whitespace/tabbing,heredocs)
- minor changes to the Makefile