What to do about MacOS High Sierra?

Support forum for Easy-RSA certificate management suite.
Post Reply
MikeRobinson
OpenVPN User
Posts: 16
Joined: Fri Aug 03, 2018 1:46 am

What to do about MacOS High Sierra?

Post by MikeRobinson » Fri Aug 03, 2018 1:50 am

Unexpectedly, Apple replaced OpenSSL with LibreSSL, with the result that the EasyRSA shell-scripts no longer work ... at all.

Doing a "brew install" of OpenSSL is really not a practical option in my case.

So – what can be done to make the EasyRSA scripts work again? Or, is there a pragmatic alternative? (I'd really like to have something that uses a real [SQLite ...] database, for instance.)

What are my options today? I need to generate a certificate-revocation double quick.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5099
Joined: Fri Jun 03, 2016 1:17 pm

Re: What to do about MacOS High Sierra?

Post by TinCanTech » Fri Aug 03, 2018 11:16 am

MikeRobinson wrote:
Fri Aug 03, 2018 1:50 am
what can be done to make the EasyRSA scripts work again?
Work is in progress .. you can help.
https://github.com/OpenVPN/easy-rsa/
MikeRobinson wrote:
Fri Aug 03, 2018 1:50 am
What are my options today?
Use an OS that does use openssl ..

Note: Using a virtual machine to generate cert/key pairs is strongly discouraged because,
generally, your VM will not have sufficient entropy to generate enough pseudo random data.

MikeRobinson
OpenVPN User
Posts: 16
Joined: Fri Aug 03, 2018 1:46 am

Re: What to do about MacOS High Sierra?

Post by MikeRobinson » Fri Aug 03, 2018 2:24 pm

I literally don't have the time right now. (Sorry ...) And I would definitely prefer to find a solution that used a real database (SQLite) to store its certificate information. I'd like to have a simple screen, not just a command-line tool.

If you are "re-writing EasyRSA" right now, please consider this. Also, to my way of thinking it doesn't have to be "Bash shell-scripts," as long as it is self-contained.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5099
Joined: Fri Jun 03, 2016 1:17 pm

Re: What to do about MacOS High Sierra?

Post by TinCanTech » Fri Aug 03, 2018 4:43 pm

MikeRobinson wrote:
Fri Aug 03, 2018 2:24 pm
I literally don't have the time right now. (Sorry ...)
And yet you somehow find the time to repeatedly post here ..
MikeRobinson wrote:
Fri Aug 03, 2018 2:24 pm
And I would definitely prefer to find a solution that used a real database (SQLite) to store its certificate information. I'd like to have a simple screen, not just a command-line tool.
Google such things ..
MikeRobinson wrote:
Fri Aug 03, 2018 2:24 pm
to my way of thinking it doesn't have to be "Bash shell-scripts,"
It is not Bash ..

MikeRobinson
OpenVPN User
Posts: 16
Joined: Fri Aug 03, 2018 1:46 am

Re: What to do about MacOS High Sierra?

Post by MikeRobinson » Fri Aug 03, 2018 8:59 pm

Yeah, I know. What I meant is, I don't have time to join an open-source development project. Life gets in the way sometimes.

"Googling it" hasn't produced anything except confirmation that a rewrite of Easy-RSA is on the way. Interestingly, it so far hasn't pointed me to a LibreSSL-compatible alternative to it ... something that would be easier for other people (e.g. clients) to use. But I'm still looking.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5099
Joined: Fri Jun 03, 2016 1:17 pm

Re: What to do about MacOS High Sierra?

Post by TinCanTech » Fri Aug 03, 2018 9:09 pm

MikeRobinson wrote:
Fri Aug 03, 2018 8:59 pm
Yeah, I know. What I meant is, I don't have time to join an open-source development project. Life gets in the way sometimes.
We all have to make sacrifices ..
MikeRobinson wrote:
Fri Aug 03, 2018 8:59 pm
"Googling it" hasn't produced anything except confirmation that a rewrite of Easy-RSA is on the way
really ..
MikeRobinson wrote:
Fri Aug 03, 2018 8:59 pm
Interestingly, it so far hasn't pointed me to a LibreSSL-compatible alternative to it
Google is not perfect.
MikeRobinson wrote:
Fri Aug 03, 2018 8:59 pm
something that would be easier for other people (e.g. clients) to use. But I'm still looking.
EasyRSA is very easy .. it even has Easy in the name ........ :mrgreen:

Post Reply