Comments (9)
Hi,
I created my ca and certificates succesfully following your tips (raw-ca and escaping $ char).
Thank you very much for your support
Roberto
from easy-rsa.
@PWnet Thank you for this issue - I confirm this is a bug.
Investigating ..
For testing purposes, can you try the command:
easyrsa --raw-ca build-ca
with your long password, which appears to work for me.
Also, which version of openssl
are you using ?
from easy-rsa.
@PWnet You must escape the $
character when inputting the password, to use the standard easyrsa
method to build-ca
.
from easy-rsa.
This could probably be done without the need to escape a $
sign.
from easy-rsa.
Easy-RSA v3.2.0
is not effected by this issue.
from easy-rsa.
@PWnet Thank you for this issue -
I confirm this is a bug.Investigating ..
For testing purposes, can you try the command:
easyrsa --raw-ca build-ca
with your long password, which appears to work for me.
Also, which version of
openssl
are you using ?
I'm using openssl 3.0.2 on ubuntu 22.04, but I have the same issue with easy-rsa 3.1.7 for windows that uses the recommended version.
IMHO a password input field should accept special characters without escaping (like openssl or easy-rsa 2.x I used to create my old certificates).
Anyway I tried with escaped character and It works (at least with the ca).
I give a try with version 3.2.0.
Regards
from easy-rsa.
You can also try the --raw-ca
option with v3.1.7
, as above, which does not require $
sign to be escaped.
from easy-rsa.
FTR:
Easy-RSA v3
has never supported $
sign in the CA password. build-ca
This is due to shell expansion.
Since v3.1.7
, that is resolved, only for build-ca
Using raw exposure to the SSL executable. Easy-RSA option --raw-ca
mode for command build-ca
only.
Otherwise, passing options to easyrsa
is still subject to shell expansion, which still requires some escaping and some more escaping (due to easyrsa
extra expansion via set_var()
) for org-field options, such as --req-ou
which want to use $
.
And on top of that, there is the shell expansion for use of $
in the vars
file ... and backward compatibility ... and sufficient testing.
Thanks for helping by testing.
from easy-rsa.
Thank you for testing and feeding back your results.
Closing this now because, even though this could be called a bug, it has always been that way and there is a work around for v3.1.7
, --raw-ca
option.
from easy-rsa.
Related Issues (20)
- Add CA certificate to expiry report `show-expire`
- Revert changes made for Windows 10/11 `mkdir -p` failure
- `dev/easyrsa-tools.lib` missing in release build HOT 1
- mandatory SAN HOT 16
- EasyRSA Behavior Change - 3.0.8 - 3.2.0 - EASYRSA_REQ_CN / --req-cn /--subject-alt-name HOT 18
- LibreSSL: `build-*-full` uses an incorrect SSL config file HOT 1
- UT failure from `easyrsa-tools.lib` for command `show-expire`
- Importing the CA certificates for OpenVPN clients and internal domains. HOT 1
- Outline use and expansion of `openssl-easyrsa.cnf` HOT 1
- Windows 7: `gen-crl` always prompts for over-write
- `display_dn()`: Remove unnecessary subshell
- `sign-req`: `--cop-ext` is removed by `--force-safe-ssl`
- Command `write`: Allow to specify target file instead of directory
- Use of `revoke` when `revoke-expired` is intended
- one location HOT 1
- Command `revoke` must not move key and request files
- `gen-req` overwrites an existing request without confirmation
- Need Guide for Upgrading 3.0.8 to 3.1.1 HOT 1
- Understanding how to renew/revoke HOT 2
- subjectAltName should be mandatory HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easy-rsa.