id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc 788,"EASYRSA_KEY_SIZE, EASYRSA_DIGEST in vars is ignored",bsaner,Eric Crist,"(Please see the [https://github.com/OpenVPN/easy-rsa/issues/111 associated github issue]) easyrsa ignores both EASYRSA_KEY_SIZE in vars...: {{{ [root@g bdisk]# grep KEY vars set_var EASYRSA_KEY_SIZE 4096 [root@g bdisk]# easyrsa init-pki && yes '' | easyrsa build-ca nopass init-pki complete; you may now create a CA or requests. Your newly created PKI dir is: /etc/openvpn/servers/keygen/bdisk/pki Generating a 2048 bit RSA private key ...+++ .............+++ writing new private key to '/etc/openvpn/servers/keygen/bdisk/pki/private/ca.key.Orh3ijGp3Z' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Common Name (eg: your user, host, or server name) [Easy-RSA CA]: CA creation complete and you may now import and sign cert requests. Your new CA certificate file for publishing is at: /etc/openvpn/servers/keygen/bdisk/pki/ca.crt [root@g bdisk]# openssl rsa -in pki/private/ca.key -noout -text | head -n1 Private-Key: (2048 bit) }}} and EASYRSA_DIGEST in vars: {{{ [root@g bdisk]# grep DIGEST vars set_var EASYRSA_DIGEST ""sha512"" [root@g bdisk]# openssl x509 -in pki/ca.crt -noout -text | grep 'Signature Algorithm' Signature Algorithm: sha256WithRSAEncryption Signature Algorithm: sha256WithRSAEncryption }}} As a sidenote, if you use Trac for bugs, you should either have a member focused on watching GitHub Issues for new reports or simply disable Issues on GH- otherwise it gives the impression that you are ignoring bug reports.",Bug / Defect,closed,trivial,,easy-rsa,easyrsa-3.x,"Not set (select this one, unless your'e a OpenVPN developer)",duplicate,keysize,