Hi, hopefully someone can offer some insight.
I created a CA with EasyRSA 3.0 on a Centos7.
Everything is working fine with interactive mode. Then I updated the vars file to allow batch creation of req, key and cert for vpn clients. It works perfectly without prompting, but there is one issue, all the req/certs have the same CN=ChangeMe
With interactive mode it automatically takes the argument $1 and make that the CN. But in batch mode, it won't matter, it'll show ChangeMe as the CN, but I like to have all the certs to have unique CN.
e.g.
# need it to be no password
./easyrsa gen-req testcert nopass
./easyrsa show-req testcert
......
Certificate Request:
Data:
Version: 0 (0x0)
Subject:
countryName = US
stateOrProvinceName = California
localityName = San Francisco
organizationName = Copyleft Certificate Co
organizationalUnitName = My Organizational Unit
commonName = ChangeMe
emailAddress = abc@example.com
Attributes:
a0:00
Same thing after signing the request of course.
./easyrsa sign client testcert
Am I not using the batch mode properly, or is this the default behavior for batch mode?
Thanks in advance.
EasyRSA 3.0 - batch mode and CN
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Feb 03, 2015 6:52 pm