Many thanks Richard, That did the trick.
Debian Stable v12.9 is using easyrsa v3.1.0 I did note though that an 'easyrsa init-pki’ deleted my ~/easy-rsa/pki/var file. Fortunately I had a backup. I assume that this has been fixed in v3.2.2 Kind regards, Bruce > On 5 Feb 2025, at 05:35, tincantech <tincant...@protonmail.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi Bruce, > > EasyRSA 3.0.8 is ancient. > Debian 11 is no spring chicken. > > My only suggestion is that you upgrade EasyRSA to v3.2.2 > > Regards > Richard > > > Sent with Proton Mail secure email. > > On Tuesday, 4 February 2025 at 06:23, Bruce Bannerman <bruban...@gmail.com> > wrote: > >> Hello everyone, >> >> Environment: Debian 11.11 >> >> easyrsa version 3.0.8 >> >> Issue: >> >> I’m trying to initialise and build my intermediate CA >> >> easyrsa build-ca does not use my modified variables when it creates my new >> CA. >> >> My custom variables are in the file “vars" in my ~/easy-rsa directory >> >> The vars file is a copy of the file “vars.example" >> >> in vars, I have modified the following variables: >> >> set_var EASYRSA “~/easy-rsa/" >> set_var EASYRSA_KEY_SIZE 4096 >> set_var EASYRSA_DIGEST "sha512" >> >> The file permissions assign to the file ~/easy-rsa/vars are u=rw,go=, where >> the file owner is the owner of ~/ >> >> I’ve also tried an ownership definition of u=rw,go=r, but this makes no >> difference. >> >> When I run the commands: >> >> ./easyrsa init-pki >> ./easyrsa build-ca >> >> and then check the created certificate with: openssl x509 -noout -text -in >> ~/easy-rsa/pki/ca.crt >> >> I find: >> >> Signature Algorithm: sha256WithRSAEncryption >> Public Key Algorithm: rsaEncryption >> RSA Public-Key: (2048 bit) >> >> This is not what I had defined in ~/esay-rsa/vars. >> >> Any pointers on how to get this working will be appreciated. >> >> Kind regards, >> >> Bruce >> >> >> >> _______________________________________________ >> Openvpn-users mailing list >> Openvpn-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openvpn-users > -----BEGIN PGP SIGNATURE----- > Version: ProtonMail > > wsC5BAEBCgBtBYJnol3TCZBPl5z2a5C4nUUUAAAAAAAcACBzYWx0QG5vdGF0 > aW9ucy5vcGVucGdwanMub3JnpYUuVXHh5MBr3LV6uomFhv5ul1g9oMoFsXsR > 6xkl8wYWIQQJvD1EZ6ONcnnFVVVPl5z2a5C4nQAA9RMH/R10S9ARpe8KZ/I/ > r8gr5v/+bI4yW5mNKcvNp2ooQDf+RK9MckvISQNE++F4oZJJUCpp9Kph3ea2 > jnSKskxYZJ9YJCgXR+8O544dRfsbjOLCtJc4rE1dAaO5fJcC3Vp0M2xKuByB > jLwYG/RWlgt3BVZKfgBHctAmxRCm5GDAhCqgCcnP4x+HYOVCTyxor2sEfr70 > uoS5ge7MSyi3+W6Hu2tsHG6ZTfvIzeiamEQwn+UUn84UpQdhUYsXIP/zXPc0 > VaKR+JUqs/eRN+WFBVmFmtr6H1vrjUMuYLoBpBNLHxSR20jK734Sls/NzyOA > 3Dz9O5jHUjlGSBRQHtr1sOgG61U= > =rCdM > -----END PGP SIGNATURE----- > <publickey - tincant...@protonmail.com - 0x09BC3D44.asc><publickey - > tincant...@protonmail.com - 0x09BC3D44.asc.sig> _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
