# easy-rsa scripts from openvpn



## meciarz (Jun 22, 2012)

Hi,

I am trying to use the easy-rsa scripts (OpenVPN).
The vars file sets the parameters:

```
# cat vars
# easy-rsa parameter settings

EASY_RSA=`pwd`
export EASY_RSA

OPENSSL=openssl
export OPENSSL
PKCS11TOOL=pkcs11-tool
export PKCS11TOOL
GREP=grep
export GREP

KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_CONFIG

KEY_DIR=$EASY_RSA/keys
export KEY_DIR

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
PKCS11_MODULE_PATH=dummy
export PKCS11_MODULE_PATH
PKCS11_PIN=dummy
export PKCS11_PIN

KEY_SIZE=1024
export KEY_SIZE

# In how many days should the root CA key expire?
CA_EXPIRE=3650
export CA_EXPIRE

# In how many days should certificates expire?
KEY_EXPIRE=3650
export KEY_EXPIRE

# These are the default values for fields
# which will be placed in the certificate.
KEY_COUNTRY=PL
export KEY_COUNTRY
KEY_PROVINCE=Wielkopolskie
export KEY_PROVINCE
KEY_CITY=Gniezno
export KEY_CITY
KEY_ORG=SW
export KEY_ORG
KEY_EMAIL=
export KEY_EMAIL
KEY_CN=
export KEY_CN
KEY_NAME=
export KEY_NAME
KEY_OU=IT
export KEY_OU
PKCS11_MODULE_PATH=
export PKCS11_MODULE_PATH
PKCS11_PIN=
export PKCS11_PIN
```
File build-dh.


```
# cat build-dh
#!/bin/sh

# Build Diffie-Hellman parameters for the server side
# of an SSL/TLS connection.

if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
    $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
else
    echo 'Please source the vars script first (i.e. ". ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi
```
As written in the README, I should run *./vars*, then *./build-dh*, and the rest of the scripts, so:

```
# ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /root/scripts/keys
```
OK, it looks good, then:

```
# ./build-dh
Please source the vars script first (i.e. ". ./vars")
Make sure you have edited it to reflect your configuration.
```
And it's not good, the $KEY_DIR and $KEY_SIZE are not set.
The command `# echo $KEY_SIZE` returns nothing.

I tried the sh and csh shells, and I also changed export to set or setenv.
None of these combinations work. What else can I do to run this?


----------



## kpa (Jun 22, 2012)

There's a big difference between sourcing and executing scripts. What you're now doing is executing them, and that makes all the variable assignments happen in a separate shell, not in the one you're starting them from. So do this instead:

`# source ./vars`

The "dot" command is actually an alias for the command source, that's why the instructions say:

`# . ./vars`

If you look carefully you'll see there's a space between the two dots. The first dot is the command.


----------
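
The difference between executing and sourcing `vars`, plus a stricter form of the `build-dh` guard, as an added example that is not part of the thread. The scratch directory, the cut-down `vars` file and the function names `after_execute`, `after_source` and `preflight` are constructed for the demo; only the variable names come from the posts above.

```shell
#!/bin/sh
# Added example. The scratch directory and the cut-down vars file are
# constructed for the demo; only the variable names come from the thread.

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/vars" <<'EOF'
KEY_DIR=$(pwd)/keys
export KEY_DIR
KEY_SIZE=1024
export KEY_SIZE
EOF
mkdir "$demo_dir/keys"

# Executing: vars runs in a child sh, and its assignments die with that child.
after_execute() (
    cd "$demo_dir" && unset KEY_DIR KEY_SIZE
    sh ./vars
    echo "KEY_SIZE=${KEY_SIZE:-<unset>}"
)

# Sourcing: "." reads vars into the current shell; because the variables are
# exported, a child process such as build-dh inherits them.
after_source() (
    cd "$demo_dir" && unset KEY_DIR KEY_SIZE
    . ./vars
    sh -c 'echo "KEY_SIZE=${KEY_SIZE:-<unset>}"'
)

# The build-dh guard with quoted expansions, naming what is missing.
# Unquoted, [ -d $KEY_DIR ] with KEY_DIR unset collapses to [ -d ], a
# one-argument test that is true; only [ $KEY_SIZE ] trips the original guard.
preflight() {
    if [ -z "${KEY_DIR:-}" ] || [ ! -d "$KEY_DIR" ]; then
        echo "KEY_DIR is unset or not a directory" >&2; return 1
    fi
    case "${KEY_SIZE:-}" in
        ''|*[!0-9]*) echo "KEY_SIZE is unset or not a number" >&2; return 1 ;;
    esac
}

after_execute     # KEY_SIZE=<unset>
after_source      # KEY_SIZE=1024
```
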



## meciarz (Jun 22, 2012)

Thanks kpa
Now all goes great


----------

