--- /usr/share/easy-rsa/openssl-1.0.cnf 2017-12-06 16:28:25.169198201 +0100
+++ /root/easy-rsa-example/openssl-1.0.cnf 2017-12-12 17:51:30.472207304 +0100
@@ -1,6 +1,23 @@
 # For use with Easy-RSA 3.0 and OpenSSL 1.0.*
+EASYRSA="/root/easy-rsa-example"
+EASYRSA_PKI="$EASYRSA/pki"
+EASYRSA_CERT_EXPIRE="3650"
+EASYRSA_CRL_DAYS="180"
+EASYRSA_DIGEST="sha256"
+EASYRSA_KEY_SIZE="2048"
+EASYRSA_DN="cn_only" # use only CN
+# EASYRSA_DN="org" # use the "traditional" Country/Province/City/Org/OU/email/CN format
+EASYRSA_REQ_CN=""
+EASYRSA_REQ_COUNTRY="US"
+EASYRSA_REQ_PROVINCE="California"
+EASYRSA_REQ_CITY="San Francisco"
+EASYRSA_REQ_ORG="Copyleft Certificate Co""
+EASYRSA_REQ_OU="My Organizational Unit"
+EASYRSA_REQ_EMAIL="me@example.net"
-RANDFILE = $ENV::EASYRSA_PKI/.rnd
+
+
+RANDFILE = $EASYRSA_PKI/.rnd
 ####################################################################
 [ ca ]
@@ -9,7 +26,7 @@
 ####################################################################
 [ CA_default ]
-dir = $ENV::EASYRSA_PKI # Where everything is kept
+dir = $EASYRSA_PKI # Where everything is kept
 certs = $dir # Where the issued certs are kept
 crl_dir = $dir # Where the issued crl are kept
 database = $dir/index.txt # database index file.
@@ -27,9 +44,9 @@
 # is designed for will. In return, we get the Issuer attached to CRLs.
 crl_extensions = crl_ext
-default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
-default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
-default_md = $ENV::EASYRSA_DIGEST # use public key default MD
+default_days = $EASYRSA_CERT_EXPIRE # how long to certify for
+default_crl_days= $EASYRSA_CRL_DAYS # how long before next CRL
+default_md = $EASYRSA_DIGEST # use public key default MD
 preserve = no # keep passed DN ordering
 # A few difference way of specifying how similar the request should look
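Review bot: In the first hunk, `EASYRSA_REQ_ORG="Copyleft Certificate Co""` ends with a doubled quote, which leaves the value with an unbalanced `"`; it should read `EASYRSA_REQ_ORG="Copyleft Certificate Co"`. How the parser treats the stray quote is not visible here, so the organisation string that ends up in `0.organizationName_default` may not be the intended one. The same block fixes `EASYRSA_CERT_EXPIRE="3650"` and `EASYRSA_CRL_DAYS="180"` in the file; a comment above them such as `# 10-year certificate lifetime and 180-day CRL window; shorten for end-entity certificates` would make clear to anyone copying the example that these are long-lived values chosen on purpose.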
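Review bot: In the `[ CA_default ]` hunk at `default_days`, `default_crl_days` and `default_md`, the values no longer come from `$ENV::`, so anything that sets `EASYRSA_CERT_EXPIRE`, `EASYRSA_CRL_DAYS` or `EASYRSA_DIGEST` in the environment is silently ignored and the in-file `3650` / `180` / `sha256` always win. The same applies to `dir` in the previous hunk and to the `[ req ]` and DN defaults in the later hunks. An operator who shortens the lifetime or changes the digest through the environment would still get the hard-coded policy without any error. A header comment such as `# Standalone config: EASYRSA_* are defined in this file; environment variables are NOT consulted` next to the new assignments would document that.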
@@ -52,10 +69,10 @@
 # Easy-RSA request handling
 # We key off $DN_MODE to determine how to format the DN
 [ req ]
-default_bits = $ENV::EASYRSA_KEY_SIZE
+default_bits = $EASYRSA_KEY_SIZE
 default_keyfile = privkey.pem
-default_md = $ENV::EASYRSA_DIGEST
-distinguished_name = $ENV::EASYRSA_DN
+default_md = $EASYRSA_DIGEST
+distinguished_name = $EASYRSA_DN
 x509_extensions = easyrsa_ca # The extentions to add to the self signed cert
 # A placeholder to handle the $EXTRA_EXTS feature:
@@ -68,33 +85,33 @@
 [ cn_only ]
 commonName = Common Name (eg: your user, host, or server name)
 commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
+commonName_default = $EASYRSA_REQ_CN
 # Easy-RSA DN for org support:
 [ org ]
 countryName = Country Name (2 letter code)
-countryName_default = $ENV::EASYRSA_REQ_COUNTRY
+countryName_default = $EASYRSA_REQ_COUNTRY
 countryName_min = 2
 countryName_max = 2
 stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
+stateOrProvinceName_default = $EASYRSA_REQ_PROVINCE
 localityName = Locality Name (eg, city)
-localityName_default = $ENV::EASYRSA_REQ_CITY
+localityName_default = $EASYRSA_REQ_CITY
 0.organizationName = Organization Name (eg, company)
-0.organizationName_default = $ENV::EASYRSA_REQ_ORG
+0.organizationName_default = $EASYRSA_REQ_ORG
 organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
+organizationalUnitName_default = $EASYRSA_REQ_OU
 commonName = Common Name (eg: your user, host, or server name)
 commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
+commonName_default = $EASYRSA_REQ_CN
 emailAddress = Email Address
-emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
+emailAddress_default = $EASYRSA_REQ_EMAIL
 emailAddress_max = 64
 ####################################################################
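Review bot: `commonName_default = $EASYRSA_REQ_CN` in both `[ cn_only ]` and `[ org ]` now expands to the empty string set by `EASYRSA_REQ_CN=""` in the first hunk, so these sections no longer supply a usable default CN. Every request then has to provide the name itself, either at the prompt or on the command line. In non-interactive use an empty default presumably fails or yields a subject without a CN, though that behaviour is not shown here. A comment above both lines, for example `# EASYRSA_REQ_CN is empty in this file: supply the CN per request`, would prevent certificates being requested with an unintended subject.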