--- a/easy-rsa/2.0/build-ca +++ b/easy-rsa/2.0/build-ca @@ -1,8 +1,8 @@ -#!/bin/bash +#!/bin/sh # # Build a root certificate # export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --initca $* +"/usr/sbin/pkitool" --interact --initca $* --- a/easy-rsa/2.0/build-dh +++ b/easy-rsa/2.0/build-dh @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +. /etc/easy-rsa/vars # Build Diffie-Hellman parameters for the server side # of an SSL/TLS connection. --- a/easy-rsa/2.0/build-inter +++ b/easy-rsa/2.0/build-inter @@ -1,7 +1,7 @@ -#!/bin/bash +#!/bin/sh # Make an intermediate CA certificate/private key pair using a locally generated # root certificate. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --inter $* +"/usr/sbin/pkitool" --interact --inter $* --- a/easy-rsa/2.0/build-key +++ b/easy-rsa/2.0/build-key @@ -1,7 +1,7 @@ -#!/bin/bash +#!/bin/sh # Make a certificate/private key pair using a locally generated # root certificate. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact $* +"/usr/sbin/pkitool" --interact $* --- a/easy-rsa/2.0/build-key-pass +++ b/easy-rsa/2.0/build-key-pass @@ -1,7 +1,7 @@ -#!/bin/bash +#!/bin/sh # Similar to build-key, but protect the private key # with a password. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --pass $* +"/usr/sbin/pkitool" --interact --pass $* --- a/easy-rsa/2.0/build-key-pkcs12 +++ b/easy-rsa/2.0/build-key-pkcs12 @@ -1,8 +1,8 @@ -#!/bin/bash +#!/bin/sh # Make a certificate/private key pair using a locally generated # root certificate and convert it to a PKCS #12 file including the # the CA certificate as well. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --pkcs12 $* +"/usr/sbin/pkitool" --interact --pkcs12 $* --- a/easy-rsa/2.0/build-key-server +++ b/easy-rsa/2.0/build-key-server @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Make a certificate/private key pair using a locally generated # root certificate. @@ -7,4 +7,4 @@ # extension in the openssl.cnf file. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --server $* +"/usr/sbin/pkitool" --interact --server $* --- a/easy-rsa/2.0/build-req +++ b/easy-rsa/2.0/build-req @@ -1,7 +1,7 @@ -#!/bin/bash +#!/bin/sh # Build a certificate signing request and private key. Use this # when your root certificate and key is not available locally. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --csr $* +"/usr/sbin/pkitool" --interact --csr $* --- a/easy-rsa/2.0/build-req-pass +++ b/easy-rsa/2.0/build-req-pass @@ -1,7 +1,7 @@ -#!/bin/bash +#!/bin/sh # Like build-req, but protect your private key # with a password. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --csr --pass $* +"/usr/sbin/pkitool" --interact --csr --pass $* --- a/easy-rsa/2.0/clean-all +++ b/easy-rsa/2.0/clean-all @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +. /etc/easy-rsa/vars # Initialize the $KEY_DIR directory. # Note that this script does a --- a/easy-rsa/2.0/inherit-inter +++ b/easy-rsa/2.0/inherit-inter @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +. /etc/easy-rsa/vars # Build a new PKI which is rooted on an intermediate certificate generated # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should --- a/easy-rsa/2.0/list-crl +++ b/easy-rsa/2.0/list-crl @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +. /etc/easy-rsa/vars # list revoked certificates --- a/easy-rsa/2.0/pkitool +++ b/easy-rsa/2.0/pkitool @@ -1,5 +1,7 @@ #!/bin/sh +. /etc/easy-rsa/vars + # OpenVPN -- An application to securely tunnel IP networks # over a single TCP/UDP port, with support for SSL/TLS-based # session authentication and key exchange, --- a/easy-rsa/2.0/revoke-full +++ b/easy-rsa/2.0/revoke-full @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +. /etc/easy-rsa/vars # revoke a certificate, regenerate CRL, # and verify revocation --- a/easy-rsa/2.0/sign-req +++ b/easy-rsa/2.0/sign-req @@ -1,7 +1,7 @@ -#!/bin/bash +#!/bin/sh # Sign a certificate signing request (a .csr file) # with a local root certificate and key. export EASY_RSA="${EASY_RSA:-.}" -"$EASY_RSA/pkitool" --interact --sign $* +"/usr/sbin/pkitool" --interact --sign $* --- a/easy-rsa/2.0/vars +++ b/easy-rsa/2.0/vars @@ -12,7 +12,7 @@ # This variable should point to # the top level of the easy-rsa # tree. -export EASY_RSA="`pwd`" +export EASY_RSA="/etc/easy-rsa" # # This variable should point to @@ -26,7 +26,7 @@ export GREP="grep" # This variable should point to # the openssl.cnf file included # with easy-rsa. -export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` +export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA` # Edit this variable to point to # your soon-to-be-created key