blob: 0127f30927bbbbfafb0f5eeffd050d825ee90029 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
NOTE: easyrsa will require you to initialize a PKI upon first use.
ONLY for the very first run for a new PKI, do something such as this,
assuming you will have its data in $HOME/my_new_pki:
easyrsa --pki-dir=$HOME/my_new_pki init-pki # DANGEROUS - DESTROYS ~/my_new_pki
See %%PREFIX%%/share/doc/easy-rsa/README.quickstart.md for further information.
An on-line help is available, you can run:
easyrsa help # for help on commands
easyrsa help options # for help on options
**** SECURITY WARNING FOR PAST security/easy-rsa versions ****
**** easyrsa may have encrypted your CA private key with a weak cipher
Per CVE-2024-13454, Easy-RSA 3.0.5 inclusively up to and including 3.1.7,
when used with OpenSSL 3, may have accidentally encrypted the CA private
key with a weak cipher, des-ede3-cbc, instead of the intended aes-256-cbc,
when a CA was created with the easyrsa build-ca command.
Such mistakes cannot be corrected by upgrading Easy-RSA alone.
The standing recommendation for CA private keys is to
re-encrypt the CA private keys with the aes-256-cbc cipher,
by using the easyrsa set-pass ca command.
For details, see https://community.openvpn.net/openvpn/wiki/CVE-2024-13454.
**** END SECURITY WARNING FOR PAST security/easy-rsa versions ****
|
