Merge branch 'temp_dir' of https://github.com/luizluca/easy-rsa into luizluca-temp_dir

Eric F Crist 2019-05-06 22:26:03 -05:00
commit 59f4923078
No known key found for this signature in database
GPG Key ID: 72964219390D0D0E
2 changed files with 111 additions and 80 deletions


@ -304,19 +304,47 @@ Type the word '$value' to continue, or any other input to abort."
exit 9 exit 9
} # => confirm() } # => confirm()
# mktemp wrapper
easyrsa_mktemp() {
[ -n "$EASYRSA_TEMP_DIR_session" ] || die "EASYRSA_TEMP_DIR_session not initialized!"
[ -d "$EASYRSA_TEMP_DIR_session" ] || mkdir -p "$EASYRSA_TEMP_DIR_session" ||
die "Could not create temporary directory '$EASYRSA_TEMP_DIR_session'. Permission or concurrency problem?"
mktemp "$EASYRSA_TEMP_DIR_session/tmp.XXXXXX"
} # => easyrsa_mktemp
# remove temp files and do terminal cleanups # remove temp files and do terminal cleanups
cleanup() { cleanup() {
for f in "$EASYRSA_TEMP_CONF" "$EASYRSA_TEMP_EXT" \ [ -z "$EASYRSA_TEMP_DIR_session" ] || rm -rf "$EASYRSA_TEMP_DIR_session"
"$EASYRSA_TEMP_FILE_2" "$EASYRSA_TEMP_FILE_3" "$EASYRSA_TEMP_FILE_4"
do [ -f "$f" ] && rm "$f" 2>/dev/null
done
(stty echo 2>/dev/null) || set -o echo (stty echo 2>/dev/null) || set -o echo
echo "" # just to get a clean line echo "" # just to get a clean line
} # => cleanup() } # => cleanup()
# Make LibreSSL safe config file from OpenSSL config file easyrsa_openssl() {
make_ssl_config() { openssl_command=$1; shift
sed \
case $openssl_command in
ca|req|srp|ts) has_config=true;;
*) has_config=false;;
esac
if ! $has_config; then
"$EASYRSA_OPENSSL" "$openssl_command" "$@"
return
fi
easyrsa_openssl_conf=$(easyrsa_mktemp)
easyrsa_extra_exts=
if [ -n "$EASYRSA_EXTRA_EXTS" ]; then
easyrsa_extra_exts=$(easyrsa_mktemp)
cat >"$easyrsa_extra_exts" <<-EOF
req_extensions = req_extra
[ req_extra ]
$EASYRSA_EXTRA_EXTS
EOF
fi
# Make LibreSSL safe config file from OpenSSL config file
sed \
-e "s\`ENV::EASYRSA\`EASYRSA\`g" \ -e "s\`ENV::EASYRSA\`EASYRSA\`g" \
-e "s\`\$dir\`$EASYRSA_PKI\`g" \ -e "s\`\$dir\`$EASYRSA_PKI\`g" \
-e "s\`\$EASYRSA_PKI\`$EASYRSA_PKI\`g" \ -e "s\`\$EASYRSA_PKI\`$EASYRSA_PKI\`g" \
@ -333,9 +361,16 @@ sed \
-e "s\`\$EASYRSA_REQ_OU\`$EASYRSA_REQ_OU\`g" \ -e "s\`\$EASYRSA_REQ_OU\`$EASYRSA_REQ_OU\`g" \
-e "s\`\$EASYRSA_REQ_CN\`$EASYRSA_REQ_CN\`g" \ -e "s\`\$EASYRSA_REQ_CN\`$EASYRSA_REQ_CN\`g" \
-e "s\`\$EASYRSA_REQ_EMAIL\`$EASYRSA_REQ_EMAIL\`g" \ -e "s\`\$EASYRSA_REQ_EMAIL\`$EASYRSA_REQ_EMAIL\`g" \
"$EASYRSA_SSL_CONF" > "$EASYRSA_SAFE_CONF" || die "\ ${EASYRSA_EXTRA_EXTS:+-e "/^#%EXTRA_EXTS%/r $easyrsa_extra_exts"} \
Failed to update $EASYRSA_SAFE_CONF" "$EASYRSA_SSL_CONF" > "$easyrsa_openssl_conf" ||
} # => make_ssl_config() die "Failed to update $easyrsa_openssl_conf"
"$EASYRSA_OPENSSL" "$openssl_command" -config "$easyrsa_openssl_conf" "$@"
err=$?
rm -f "$easyrsa_openssl_conf"
rm -f "$easyrsa_extra_exts"
return $err
} # => easyrsa_openssl
vars_source_check() { vars_source_check() {
# Check for defined EASYRSA_PKI # Check for defined EASYRSA_PKI
@ -368,9 +403,6 @@ $out"
} }
verify_ssl_lib () { verify_ssl_lib () {
# make safessl-easyrsa.cnf
make_ssl_config
# Verify EASYRSA_OPENSSL command gives expected output # Verify EASYRSA_OPENSSL command gives expected output
if [ -z "$EASYRSA_SSL_OK" ]; then if [ -z "$EASYRSA_SSL_OK" ]; then
val="$("$EASYRSA_OPENSSL" version)" val="$("$EASYRSA_OPENSSL" version)"
@ -542,11 +574,11 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
# shellcheck disable=SC2015 # shellcheck disable=SC2015
[ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA" [ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
out_key_tmp="$(mktemp "$out_key.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_key_tmp" out_key_tmp="$(easyrsa_mktemp)"
out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp" out_file_tmp="$(easyrsa_mktemp)"
# Get password from user if necessary # Get password from user if necessary
if [ ! $nopass ]; then if [ ! $nopass ]; then
out_key_pass_tmp="$(mktemp)"; EASYRSA_TEMP_FILE_4="$out_key_pass_tmp" out_key_pass_tmp="$(easyrsa_mktemp)"
echo echo
printf "Enter New CA Key Passphrase: " printf "Enter New CA Key Passphrase: "
hide_read_pass kpass hide_read_pass kpass
@ -577,13 +609,13 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
# create the CA keypair: # create the CA keypair:
[ ! $nopass ] && crypto_opts="-passin file:$out_key_pass_tmp" [ ! $nopass ] && crypto_opts="-passin file:$out_key_pass_tmp"
#shellcheck disable=SC2086 #shellcheck disable=SC2086
"$EASYRSA_OPENSSL" req -utf8 -new -key "$out_key_tmp" \ easyrsa_openssl req -utf8 -new -key "$out_key_tmp" \
-config "$EASYRSA_SAFE_CONF" -keyout "$out_key_tmp" -out "$out_file_tmp" $crypto_opts $opts || \ -keyout "$out_key_tmp" -out "$out_file_tmp" $crypto_opts $opts || \
die "Failed to build the CA" die "Failed to build the CA"
mv "$out_key_tmp" "$out_key"; EASYRSA_TEMP_FILE_2= mv "$out_key_tmp" "$out_key"
mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_3= mv "$out_file_tmp" "$out_file"
[ -f "$out_key_pass_tmp" ] && rm "$out_key_pass_tmp" && EASYRSA_TEMP_FILE_4= [ -f "$out_key_pass_tmp" ] && rm "$out_key_pass_tmp"
# Success messages # Success messages
if [ $sub_ca ]; then if [ $sub_ca ]; then
@ -661,24 +693,25 @@ $EASYRSA_EXTRA_EXTS"
{ while ( getline<"/dev/stdin" ) {print} next } { while ( getline<"/dev/stdin" ) {print} next }
{print} {print}
}' }'
conf_tmp="$(easyrsa_mktemp)"
print "$extra_exts" | \ print "$extra_exts" | \
awk "$awkscript" "$EASYRSA_SSL_CONF" \ awk "$awkscript" "$EASYRSA_SSL_CONF" \
> "$EASYRSA_TEMP_CONF" \ > "$conf_tmp" \
|| die "Copying SSL config to temp file failed" || die "Copying SSL config to temp file failed"
# Use this new SSL config for the rest of this function # Use this new SSL config for the rest of this function
EASYRSA_SSL_CONF="$EASYRSA_TEMP_CONF" EASYRSA_SSL_CONF="$conf_tmp"
fi fi
key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp" key_out_tmp="$(easyrsa_mktemp)"
req_out_tmp="$(mktemp "$req_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$req_out_tmp" req_out_tmp="$(easyrsa_mktemp)"
# generate request # generate request
[ $EASYRSA_BATCH ] && opts="$opts -batch" [ $EASYRSA_BATCH ] && opts="$opts -batch"
# shellcheck disable=2086,2148 # shellcheck disable=2086,2148
"$EASYRSA_OPENSSL" req -utf8 -new -newkey "$EASYRSA_ALGO":"$EASYRSA_ALGO_PARAMS" \ easyrsa_openssl req -utf8 -new -newkey "$EASYRSA_ALGO":"$EASYRSA_ALGO_PARAMS" \
-config "$EASYRSA_SAFE_CONF" -keyout "$key_out_tmp" -out "$req_out_tmp" $opts \ -keyout "$key_out_tmp" -out "$req_out_tmp" $opts \
|| die "Failed to generate request" || die "Failed to generate request"
mv "$key_out_tmp" "$key_out"; EASYRSA_TEMP_FILE_2= mv "$key_out_tmp" "$key_out"
mv "$req_out_tmp" "$req_out"; EASYRSA_TEMP_FILE_3= mv "$req_out_tmp" "$req_out"
notice "\ notice "\
Keypair and certificate request completed. Your files are: Keypair and certificate request completed. Your files are:
req: $req_out req: $req_out
@ -746,6 +779,7 @@ $(display_dn req "$req_in")
" # => confirm end " # => confirm end
# Generate the extensions file for this cert: # Generate the extensions file for this cert:
ext_tmp="$(easyrsa_mktemp)"
{ {
# Append first any COMMON file (if present) then the cert-type extensions # Append first any COMMON file (if present) then the cert-type extensions
cat "$EASYRSA_EXT_DIR/COMMON" cat "$EASYRSA_EXT_DIR/COMMON"
@ -782,17 +816,17 @@ $(display_dn req "$req_in")
[ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS" [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
: # needed to keep die from inherting the above test : # needed to keep die from inherting the above test
} > "$EASYRSA_TEMP_EXT" || die "\ } > "$ext_tmp" || die "\
Failed to create temp extension file (bad permissions?) at: Failed to create temp extension file (bad permissions?) at:
$EASYRSA_TEMP_EXT" $ext_tmp"
# sign request # sign request
# shellcheck disable=SC2086 crt_out_tmp="$(easyrsa_mktemp)"
crt_out_tmp="$(mktemp "$crt_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$crt_out_tmp" easyrsa_openssl ca -utf8 -in "$req_in" -out "$crt_out_tmp" \
"$EASYRSA_OPENSSL" ca -utf8 -in "$req_in" -out "$crt_out_tmp" -config "$EASYRSA_SAFE_CONF" \ -extfile "$ext_tmp" -days "$EASYRSA_CERT_EXPIRE" -batch $opts \
-extfile "$EASYRSA_TEMP_EXT" -days "$EASYRSA_CERT_EXPIRE" -batch $opts \
|| die "signing failed (openssl output above may have more detail)" || die "signing failed (openssl output above may have more detail)"
mv "$crt_out_tmp" "$crt_out"; EASYRSA_TEMP_FILE_2= mv "$crt_out_tmp" "$crt_out"
rm -f "$ext_tmp"
notice "\ notice "\
Certificate created at: $crt_out Certificate created at: $crt_out
" "
@ -878,7 +912,7 @@ Unable to revoke as no certificate was found. Certificate was expected
at: $crt_in" at: $crt_in"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
"$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" $opts || die "\ easyrsa_openssl ca -utf8 -revoke "$crt_in" $opts || die "\
Failed to revoke certificate: revocation command failed." Failed to revoke certificate: revocation command failed."
# move revoked files so we can reissue certificates with the same name # move revoked files so we can reissue certificates with the same name
@ -919,7 +953,7 @@ input in file: $req_in"
fi fi
# get the serial number of the certificate -> serial=XXXX # get the serial number of the certificate -> serial=XXXX
cert_serial="$("$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -serial)" cert_serial="$(easyrsa_openssl x509 -in "$crt_in" -noout -serial)"
# remove the serial= part -> we only need the XXXX part # remove the serial= part -> we only need the XXXX part
cert_serial=${cert_serial##*=} cert_serial=${cert_serial##*=}
@ -993,7 +1027,7 @@ at: $crt_in"
# Check if old cert is expired or expires within 30 days # Check if old cert is expired or expires within 30 days
expire_date=$( expire_date=$(
"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -enddate | easyrsa_openssl x509 -in "$crt_in" -noout -enddate |
sed 's/^notAfter=//' sed 's/^notAfter=//'
) )
case $(uname 2>/dev/null) in case $(uname 2>/dev/null) in
@ -1014,7 +1048,7 @@ Renewal not allowed."
# Extract certificate usage from old cert # Extract certificate usage from old cert
cert_ext_key_usage=$( cert_ext_key_usage=$(
"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text | easyrsa_openssl x509 -in "$crt_in" -noout -text |
sed -n "/X509v3 Extended Key Usage:/{n;s/^ *//g;p;}" sed -n "/X509v3 Extended Key Usage:/{n;s/^ *//g;p;}"
) )
case $cert_ext_key_usage in case $cert_ext_key_usage in
@ -1033,7 +1067,7 @@ Renewal not allowed."
echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || \ echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || \
{ {
san=$( san=$(
"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text | easyrsa_openssl x509 -in "$crt_in" -noout -text |
sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;p;}" sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;p;}"
) )
[ -n "$san" ] && export EASYRSA_EXTRA_EXTS="\ [ -n "$san" ] && export EASYRSA_EXTRA_EXTS="\
@ -1085,7 +1119,7 @@ input in file: $req_in"
fi fi
# get the serial number of the certificate -> serial=XXXX # get the serial number of the certificate -> serial=XXXX
cert_serial="$("$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -serial)" cert_serial="$(easyrsa_openssl x509 -in "$crt_in" -noout -serial)"
# remove the serial= part -> we only need the XXXX part # remove the serial= part -> we only need the XXXX part
cert_serial=${cert_serial##*=} cert_serial=${cert_serial##*=}
@ -1131,11 +1165,11 @@ gen_crl() {
verify_ca_init verify_ca_init
out_file="$EASYRSA_PKI/crl.pem" out_file="$EASYRSA_PKI/crl.pem"
out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp" out_file_tmp="$(easyrsa_mktemp)"
"$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SAFE_CONF" || die "\ easyrsa_openssl ca -utf8 -gencrl -out "$out_file_tmp" || die "\
CRL Generation failed. CRL Generation failed.
" "
mv "$out_file_tmp" "$out_file"; EASYRSA_TEMP_FILE_2= mv "$out_file_tmp" "$out_file"
notice "\ notice "\
An updated CRL has been created. An updated CRL has been created.
@ -1233,7 +1267,7 @@ Missing key expected at: $key_in"
# export the p12: # export the p12:
# shellcheck disable=SC2086 # shellcheck disable=SC2086
"$EASYRSA_OPENSSL" pkcs12 -in "$crt_in" -inkey "$key_in" -export \ easyrsa_openssl pkcs12 -in "$crt_in" -inkey "$key_in" -export \
-out "$pkcs_out" $pkcs_opts || die "\ -out "$pkcs_out" $pkcs_opts || die "\
Export of p12 failed: see above for related openssl errors." Export of p12 failed: see above for related openssl errors."
;; ;;
@ -1242,7 +1276,7 @@ Export of p12 failed: see above for related openssl errors."
# export the p7: # export the p7:
# shellcheck disable=SC2086 # shellcheck disable=SC2086
"$EASYRSA_OPENSSL" crl2pkcs7 -nocrl -certfile "$crt_in" \ easyrsa_openssl crl2pkcs7 -nocrl -certfile "$crt_in" \
-out "$pkcs_out" $pkcs_opts || die "\ -out "$pkcs_out" $pkcs_opts || die "\
Export of p7 failed: see above for related openssl errors." Export of p7 failed: see above for related openssl errors."
;; ;;
@ -1289,13 +1323,12 @@ $file"
If the key is currently encrypted you must supply the decryption passphrase. If the key is currently encrypted you must supply the decryption passphrase.
${crypto:+You will then enter a new PEM passphrase for this key.$NL}" ${crypto:+You will then enter a new PEM passphrase for this key.$NL}"
EASYRSA_TEMP_FILE_2="$file.temp" out_key_tmp="$(easyrsa_mktemp)"
easyrsa_openssl "$key_type" -in "$file" -out "$out_key_tmp" $crypto || die "\
"$EASYRSA_OPENSSL" "$key_type" -in "$file" -out "$EASYRSA_TEMP_FILE_2" $crypto || die "\
Failed to change the private key passphrase. See above for possible openssl Failed to change the private key passphrase. See above for possible openssl
error messages." error messages."
mv "$EASYRSA_TEMP_FILE_2" "$file" || die "\ mv "$out_key_tmp" "$file" || die "\
Failed to change the private key passphrase. See above for error messages." Failed to change the private key passphrase. See above for error messages."
notice "Key passphrase successfully changed" notice "Key passphrase successfully changed"
@ -1306,7 +1339,7 @@ Failed to change the private key passphrase. See above for error messages."
update_db() { update_db() {
verify_ca_init verify_ca_init
"$EASYRSA_OPENSSL" ca -utf8 -updatedb -config "$EASYRSA_SSL_CONF" || die "\ easyrsa_openssl ca -utf8 -updatedb || die "\
Failed to perform update-db: see above for related openssl errors." Failed to perform update-db: see above for related openssl errors."
return 0 return 0
} # => update_db() } # => update_db()
@ -1321,7 +1354,7 @@ display_dn() {
default_server_san() { default_server_san() {
path="$1" path="$1"
cn=$( cn=$(
"$EASYRSA_OPENSSL" req -in "$path" -noout -subject -nameopt sep_multiline | easyrsa_openssl req -in "$path" -noout -subject -nameopt sep_multiline |
awk -F'=' '/^ *CN=/{print $2}' awk -F'=' '/^ *CN=/{print $2}'
) )
echo "$cn" | grep -E -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$' echo "$cn" | grep -E -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'
@ -1337,7 +1370,7 @@ default_server_san() {
verify_file() { verify_file() {
format="$1" format="$1"
path="$2" path="$2"
"$EASYRSA_OPENSSL" "$format" -in "$path" -noout 2>/dev/null || return 1 easyrsa_openssl "$format" -in "$path" -noout 2>/dev/null || return 1
return 0 return 0
} # => verify_file() } # => verify_file()
@ -1392,7 +1425,7 @@ Showing $type details for '$name'.
This file is stored at: This file is stored at:
$in_file $in_file
" "
"$EASYRSA_OPENSSL" $format -in "$in_file" -noout -text\ easyrsa_openssl $format -in "$in_file" -noout -text\
-nameopt multiline $opts || die "\ -nameopt multiline $opts || die "\
OpenSSL failure to process the input" OpenSSL failure to process the input"
} # => show() } # => show()
@ -1428,7 +1461,7 @@ Showing $type details for 'ca'.
This file is stored at: This file is stored at:
$in_file $in_file
" "
"$EASYRSA_OPENSSL" $format -in "$in_file" -noout -text\ easyrsa_openssl $format -in "$in_file" -noout -text\
-nameopt multiline $opts || die "\ -nameopt multiline $opts || die "\
OpenSSL failure to process the input" OpenSSL failure to process the input"
} # => show_ca() } # => show_ca()
@ -1496,15 +1529,10 @@ Note: using Easy-RSA configuration from: $vars"
set_var EASYRSA_CRL_DAYS 180 set_var EASYRSA_CRL_DAYS 180
set_var EASYRSA_NS_SUPPORT no set_var EASYRSA_NS_SUPPORT no
set_var EASYRSA_NS_COMMENT "Easy-RSA (~VER~) Generated Certificate" set_var EASYRSA_NS_COMMENT "Easy-RSA (~VER~) Generated Certificate"
set_var EASYRSA_TEMP_CONF "$EASYRSA_PKI/openssl-easyrsa.temp" set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
set_var EASYRSA_TEMP_EXT "$EASYRSA_PKI/extensions.temp"
set_var EASYRSA_TEMP_FILE_2 ""
set_var EASYRSA_TEMP_FILE_3 ""
set_var EASYRSA_REQ_CN ChangeMe set_var EASYRSA_REQ_CN ChangeMe
set_var EASYRSA_DIGEST sha256 set_var EASYRSA_DIGEST sha256
set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
# Same as above for the x509-types extensions dir # Same as above for the x509-types extensions dir
if [ -d "$EASYRSA_PKI/x509-types" ]; then if [ -d "$EASYRSA_PKI/x509-types" ]; then
@ -1523,8 +1551,7 @@ Note: using Easy-RSA configuration from: $vars"
die "Alg '$EASYRSA_ALGO' is invalid: must be 'rsa' or 'ec'" die "Alg '$EASYRSA_ALGO' is invalid: must be 'rsa' or 'ec'"
fi fi
# Setting OPENSSL_CONF prevents bogus warnings (especially useful on win32) [ -n "$EASYRSA_TEMP_DIR_session" ] || EASYRSA_TEMP_DIR_session="$(mktemp -ud "$EASYRSA_TEMP_DIR/easy-rsa-$$.XXXXXX")"
export OPENSSL_CONF="$EASYRSA_SAFE_CONF"
} # vars_setup() } # vars_setup()
# variable assignment by indirection when undefined; merely exports # variable assignment by indirection when undefined; merely exports
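Review bot: In `easyrsa_mktemp`, the session directory is created with `[ -d ... ] || mkdir -p` after `vars_setup` has only reserved its name via `mktemp -ud`, so a directory or symlink already present at that path when the first temp file is requested is accepted as-is, and a directory created here gets umask-dependent permissions — while the files placed in it hold the new CA key and its passphrase (`out_key_tmp`, `out_key_pass_tmp`). The exposure is bounded by who can write `EASYRSA_TEMP_DIR`, which defaults to `$EASYRSA_PKI`, so it matters mainly when that variable is pointed at a shared location. A guard set by this process instead of the `-d` test turns a pre-existing path into a hard failure and fixes the mode: `[ -n "$easyrsa_tmpdir_created" ] || mkdir -m 0700 "$EASYRSA_TEMP_DIR_session" || die "Could not create temporary directory '$EASYRSA_TEMP_DIR_session'"` followed by `easyrsa_tmpdir_created=1`. Separately, every caller invokes the function as `$(easyrsa_mktemp)`, so its `die` only exits the subshell and the caller continues with an empty filename; appending `|| die "Could not create temporary file"` to each such assignment propagates the failure, since an assignment from a command substitution takes the substitution's exit status.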


@ -71,6 +71,10 @@ fi
#set_var EASYRSA_PKI "$PWD/pki" #set_var EASYRSA_PKI "$PWD/pki"
# Define directory for temporary subdirectories.
#set_var EASYRSA_TEMP_DIR "$EASYRSA_PKI"
# Define X509 DN mode. # Define X509 DN mode.
# This is used to adjust what elements are included in the Subject field as the DN # This is used to adjust what elements are included in the Subject field as the DN
# (this is the "Distinguished Name.") # (this is the "Distinguished Name.")