EasyRSA 3.0 - batch mode and CN

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
stickywire
OpenVpn Newbie
Posts: 1
Joined: Tue Feb 03, 2015 6:52 pm

EasyRSA 3.0 - batch mode and CN

Post by stickywire » Tue Feb 03, 2015 7:21 pm

Hi, hopefully someone can offer some insight.

I created a CA with EasyRSA 3.0 on a Centos7.

Everything is working fine with interactive mode. Then I updated the vars file to allow batch creation of req, key and cert for vpn clients. It works perfectly without prompting, but there is one issue, all the req/certs have the same CN=ChangeMe

With interactive mode it automatically takes the argument $1 and make that the CN. But in batch mode, it won't matter, it'll show ChangeMe as the CN, but I like to have all the certs to have unique CN.

e.g.
# need it to be no password
./easyrsa gen-req testcert nopass

./easyrsa show-req testcert
......

Certificate Request:
Data:
Version: 0 (0x0)
Subject:
countryName = US
stateOrProvinceName = California
localityName = San Francisco
organizationName = Copyleft Certificate Co
organizationalUnitName = My Organizational Unit
commonName = ChangeMe
emailAddress = abc@example.com
Attributes:
a0:00


Same thing after signing the request of course.

./easyrsa sign client testcert


Am I not using the batch mode properly, or is this the default behavior for batch mode?

Thanks in advance.

Post Reply