Unexpectedly, Apple replaced OpenSSL with LibreSSL, with the result that the EasyRSA shell-scripts no longer work ... at all.
Doing a "brew install" of OpenSSL is really not a practical option in my case.
So – what can be done to make the EasyRSA scripts work again? Or, is there a pragmatic alternative? (I'd really like to have something that uses a real [SQLite ...] database, for instance.)
What are my options today? I need to generate a certificate-revocation double quick.
What to do about MacOS High Sierra?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Aug 03, 2018 1:46 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: What to do about MacOS High Sierra?
Work is in progress .. you can help.MikeRobinson wrote: ↑Fri Aug 03, 2018 1:50 amwhat can be done to make the EasyRSA scripts work again?
https://github.com/OpenVPN/easy-rsa/
Use an OS that does use openssl ..
Note: Using a virtual machine to generate cert/key pairs is strongly discouraged because,
generally, your VM will not have sufficient entropy to generate enough pseudo random data.
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Aug 03, 2018 1:46 am
Re: What to do about MacOS High Sierra?
I literally don't have the time right now. (Sorry ...) And I would definitely prefer to find a solution that used a real database (SQLite) to store its certificate information. I'd like to have a simple screen, not just a command-line tool.
If you are "re-writing EasyRSA" right now, please consider this. Also, to my way of thinking it doesn't have to be "Bash shell-scripts," as long as it is self-contained.
If you are "re-writing EasyRSA" right now, please consider this. Also, to my way of thinking it doesn't have to be "Bash shell-scripts," as long as it is self-contained.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: What to do about MacOS High Sierra?
And yet you somehow find the time to repeatedly post here ..MikeRobinson wrote: ↑Fri Aug 03, 2018 2:24 pmI literally don't have the time right now. (Sorry ...)
Google such things ..MikeRobinson wrote: ↑Fri Aug 03, 2018 2:24 pmAnd I would definitely prefer to find a solution that used a real database (SQLite) to store its certificate information. I'd like to have a simple screen, not just a command-line tool.
It is not Bash ..MikeRobinson wrote: ↑Fri Aug 03, 2018 2:24 pmto my way of thinking it doesn't have to be "Bash shell-scripts,"
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Aug 03, 2018 1:46 am
Re: What to do about MacOS High Sierra?
Yeah, I know. What I meant is, I don't have time to join an open-source development project. Life gets in the way sometimes.
"Googling it" hasn't produced anything except confirmation that a rewrite of Easy-RSA is on the way. Interestingly, it so far hasn't pointed me to a LibreSSL-compatible alternative to it ... something that would be easier for other people (e.g. clients) to use. But I'm still looking.
"Googling it" hasn't produced anything except confirmation that a rewrite of Easy-RSA is on the way. Interestingly, it so far hasn't pointed me to a LibreSSL-compatible alternative to it ... something that would be easier for other people (e.g. clients) to use. But I'm still looking.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: What to do about MacOS High Sierra?
We all have to make sacrifices ..MikeRobinson wrote: ↑Fri Aug 03, 2018 8:59 pmYeah, I know. What I meant is, I don't have time to join an open-source development project. Life gets in the way sometimes.
really ..MikeRobinson wrote: ↑Fri Aug 03, 2018 8:59 pm"Googling it" hasn't produced anything except confirmation that a rewrite of Easy-RSA is on the way
Google is not perfect.MikeRobinson wrote: ↑Fri Aug 03, 2018 8:59 pmInterestingly, it so far hasn't pointed me to a LibreSSL-compatible alternative to it
EasyRSA is very easy .. it even has Easy in the name ........MikeRobinson wrote: ↑Fri Aug 03, 2018 8:59 pmsomething that would be easier for other people (e.g. clients) to use. But I'm still looking.