diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 261336f..7b9a79b 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1661,7 +1661,7 @@ Note: using Easy-RSA configuration from: $vars"
 	
 	# Set defaults, preferring existing env-vars if present
 	set_var EASYRSA		"$prog_dir"
-	set_var EASYRSA_OPENSSL	openssl
+	set_var EASYRSA_OPENSSL	"@openssl@"
 	set_var EASYRSA_PKI	"$PWD/pki"
 	set_var EASYRSA_DN	cn_only
 	set_var EASYRSA_REQ_COUNTRY	"US"
@@ -1683,16 +1683,31 @@ Note: using Easy-RSA configuration from: $vars"
 	set_var EASYRSA_TEMP_DIR	"$EASYRSA_PKI"
 	set_var EASYRSA_REQ_CN		ChangeMe
 	set_var EASYRSA_DIGEST		sha256
-	set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
-	set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
 	set_var EASYRSA_KDC_REALM	"CHANGEME.EXAMPLE.COM"
 
+	if [ -f "$EASYRSA_PKI/safessl-easyrsa.conf" ]; then
+		set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
+	elif [ -f "$EASYRSA/safessl-easyrsa.conf" ]; then
+		set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
+	elif [ -f "@out@/share/easyrsa/safessl-easyrsa.cnf" ]; then
+		set_var EASYRSA_SAFE_CONF	"@out@/share/easyrsa/safessl-easyrsa.cnf"
+	fi
+
+	if [ -f "$EASYRSA_PKI/openssl-easyrsa.conf" ]; then
+		set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
+	elif [ -f "$EASYRSA/openssl-easyrsa.conf" ]; then
+		set_var EASYRSA_SSL_CONF	"$EASYRSA/openssl-easyrsa.cnf"
+	elif [ -f "@out@/share/easyrsa/openssl-easyrsa.cnf" ]; then
+		set_var EASYRSA_SSL_CONF	"@out@/share/easyrsa/openssl-easyrsa.cnf"
+	fi
+
 	# Same as above for the x509-types extensions dir
 	if [ -d "$EASYRSA_PKI/x509-types" ]; then
 		set_var EASYRSA_EXT_DIR		"$EASYRSA_PKI/x509-types"
-	else	
-		#TODO: This should be removed.  Not really suitable for packaging.
+	elif [ -d "$EASYRSA/x509-types" ]; then
 		set_var EASYRSA_EXT_DIR		"$EASYRSA/x509-types"
+	else
+		set_var EASYRSA_EXT_DIR		"@out@/share/easyrsa/x509-types"
 	fi
 
 	# EASYRSA_ALGO_PARAMS must be set depending on selected algo