--- a/easy-rsa/2.0/build-ca +++ b/easy-rsa/2.0/build-ca @@ -5,4 +5,4 @@ # export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --initca $* +"/usr/sbin/pkitool" --interact --initca $* --- a/easy-rsa/2.0/build-dh +++ b/easy-rsa/2.0/build-dh @@ -1,5 +1,7 @@ #!/bin/sh +. /etc/easy-rsa/vars + # Build Diffie-Hellman parameters for the server side # of an SSL/TLS connection. --- a/easy-rsa/2.0/build-inter +++ b/easy-rsa/2.0/build-inter @@ -4,4 +4,4 @@ # root certificate. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --inter $* +"/usr/sbin/pkitool" --interact --inter $* --- a/easy-rsa/2.0/build-key +++ b/easy-rsa/2.0/build-key @@ -4,4 +4,4 @@ # root certificate. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact $* +"/usr/sbin/pkitool" --interact $* --- a/easy-rsa/2.0/build-key-pass +++ b/easy-rsa/2.0/build-key-pass @@ -4,4 +4,4 @@ # with a password. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --pass $* +"/usr/sbin/pkitool" --interact --pass $* --- a/easy-rsa/2.0/build-key-pkcs12 +++ b/easy-rsa/2.0/build-key-pkcs12 @@ -5,4 +5,4 @@ # the CA certificate as well. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --pkcs12 $* +"/usr/sbin/pkitool" --interact --pkcs12 $* --- a/easy-rsa/2.0/build-key-server +++ b/easy-rsa/2.0/build-key-server @@ -7,4 +7,4 @@ # extension in the openssl.cnf file. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --server $* +"/usr/sbin/pkitool" --interact --server $* --- a/easy-rsa/2.0/build-req +++ b/easy-rsa/2.0/build-req @@ -4,4 +4,4 @@ # when your root certificate and key is not available locally. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --csr $* +"/usr/sbin/pkitool" --interact --csr $* --- a/easy-rsa/2.0/build-req-pass +++ b/easy-rsa/2.0/build-req-pass @@ -4,4 +4,4 @@ # with a password. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --csr --pass $* +"/usr/sbin/pkitool" --interact --csr --pass $* --- a/easy-rsa/2.0/clean-all +++ b/easy-rsa/2.0/clean-all @@ -1,5 +1,7 @@ #!/bin/sh +. /etc/easy-rsa/vars + # Initialize the $KEY_DIR directory. # Note that this script does a # rm -rf on $KEY_DIR so be careful! --- a/easy-rsa/2.0/inherit-inter +++ b/easy-rsa/2.0/inherit-inter @@ -1,5 +1,7 @@ #!/bin/sh +. /etc/easy-rsa/vars + # Build a new PKI which is rooted on an intermediate certificate generated # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should # have independent vars settings, and must use a different KEY_DIR directory --- a/easy-rsa/2.0/list-crl +++ b/easy-rsa/2.0/list-crl @@ -1,5 +1,7 @@ #!/bin/sh +. /etc/easy-rsa/vars + # list revoked certificates CRL="${1:-crl.pem}" --- a/easy-rsa/2.0/pkitool +++ b/easy-rsa/2.0/pkitool @@ -1,5 +1,7 @@ #!/bin/sh +. /etc/easy-rsa/vars + # OpenVPN -- An application to securely tunnel IP networks # over a single TCP/UDP port, with support for SSL/TLS-based # session authentication and key exchange, --- a/easy-rsa/2.0/revoke-full +++ b/easy-rsa/2.0/revoke-full @@ -1,5 +1,7 @@ #!/bin/sh +. /etc/easy-rsa/vars + # revoke a certificate, regenerate CRL, # and verify revocation --- a/easy-rsa/2.0/sign-req +++ b/easy-rsa/2.0/sign-req @@ -4,4 +4,4 @@ # with a local root certificate and key. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --sign $* +"/usr/sbin/pkitool" --interact --sign $* --- a/easy-rsa/2.0/vars +++ b/easy-rsa/2.0/vars @@ -12,7 +12,7 @@ # This variable should point to # the top level of the easy-rsa # tree. -export EASY_RSA="`pwd`" +export EASY_RSA="/etc/easy-rsa" # # This variable should point to @@ -26,7 +26,7 @@ # This variable should point to # the openssl.cnf file included # with easy-rsa. -export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` +export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA` # Edit this variable to point to # your soon-to-be-created key