Support forum for Easy-RSA certificate management suite.
Moderators: TinCanTech
-
sp1dergeek
- OpenVpn Newbie
- Posts: 11
- Joined: Mon Dec 02, 2013 3:16 pm
by sp1dergeek » Mon Dec 02, 2013 3:36 pm
Probably just not understanding something here, I'm quite new to OpenVPN. I'm trying to create a new key for a client, with the same name as a previous one (I'm guessing that's the problem at least!). When I use 'build-key john' an error comes up after the build process:
Code:
failed to update database
TXT_DB error number 2
So, I try 'revoke-full john' and I get:
Code:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
unable to load certificate
3073988760:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
unable to load certificate
3074635928:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
If I grep for the username, I can see it is in index.txt along with a couple of PEM files. Should I delete the line in the index.txt and remove the pem files? And is this not what the revoke-full command should do anyway?
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
by maikcat » Tue Dec 03, 2013 8:07 am
please check:
you do have permissions to write/modify files,
source vars file before adding certs,
please describe EXACTLY what you are doing,
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)
"objects in mirror are losing"
-
by sp1dergeek » Tue Dec 03, 2013 10:46 am
Yes, I get this even when run as root.
I've sourced vars, and even hardcoded /etc/openvpn/easy-rsa/ in place of pwd in vars.
Running the commands with ./ prefix in the easy-rsa directory.
-
by sp1dergeek » Tue Dec 03, 2013 10:51 am
Trying to think of any other info I can give you. This is a new install on Debian Wheezy. Setting it up as an OpenVPN server for a number of remote clients. Have built a ca and server (twice as forgot to build the server cert first time round), don't know if that's anything to do with it.
Now just trying to regenerate *new* certificates for a particular user, but it won't let me.
-
by maikcat » Wed Dec 04, 2013 7:08 am
post your files permissions on keys directory (ls -l)
Michael.
-
by sp1dergeek » Wed Dec 04, 2013 4:13 pm
Code:
-rw-r--r-- 1 gavin1 root 3913 Dec 2 13:35 01.pem
-rw-r--r-- 1 root root 4023 Dec 2 14:52 02.pem
-rw-r--r-- 1 root root 3900 Dec 2 14:53 03.pem
-rw-r--r-- 1 root root 3900 Dec 3 19:20 04.pem
-rw-r--r-- 1 root root 3900 Dec 3 19:24 05.pem
-rw-r--r-- 1 root root 3900 Dec 3 19:31 06.pem
-rw-r--r-- 1 root root 3900 Dec 3 19:40 07.pem
-rw-r--r-- 1 root root 3900 Dec 3 19:50 08.pem
-rw-r--r-- 1 root root 3900 Dec 3 19:55 09.pem
-rw-r--r-- 1 root root 3901 Dec 3 20:01 0A.pem
-rw-r--r-- 1 root root 3901 Dec 3 20:05 0B.pem
-rw-r--r-- 1 root root 3901 Dec 3 20:13 0C.pem
-rw-r--r-- 1 root root 3902 Dec 3 20:29 0D.pem
-rw-r--r-- 1 root root 3888 Dec 3 20:34 0E.pem
-rw-r--r-- 1 root root 3888 Dec 3 20:40 0F.pem
-rw-r--r-- 1 root root 3889 Dec 3 20:44 10.pem
-rw-r--r-- 1 gavin1 root 1322 Dec 2 13:32 ca.crt
-rw------- 1 root root 916 Dec 2 13:32 ca.key
-rw-r--r-- 1 gavin1 root 244 Dec 2 14:34 client.conf
-rw-r--r-- 1 root root 524 Dec 3 10:47 crl.pem
-rw-r--r-- 1 gavin1 root 245 Dec 2 14:54 dh1024.pem
-rw-r--r-- 1 root root 1960 Dec 3 20:44 index.txt
-rw-r--r-- 1 root root 21 Dec 3 20:44 index.txt.attr
-rw-r--r-- 1 root root 21 Dec 3 20:40 index.txt.attr.old
-rw-r--r-- 1 root root 1842 Dec 3 20:40 index.txt.old
-rw-r--r-- 1 root root 1846 Dec 3 10:47 revoke-test.pem
-rw-r--r-- 1 root root 0 Dec 2 15:21 user1-j-7.crt
-rw-r--r-- 1 root root 704 Dec 2 15:21 user1-j-7.csr
-rw------- 1 root root 916 Dec 2 15:21 user1-j-7.key
-rw-r--r-- 1 root root 4023 Dec 2 14:52 server.crt
-rw-r--r-- 1 root root 704 Dec 2 14:52 server.csr
-rw------- 1 root root 916 Dec 2 14:52 server.key
-rw-r--r-- 1 root root 3 Dec 3 20:44 serial
-rw-r--r-- 1 root root 3 Dec 3 20:40 serial.old
-
by maikcat » Thu Dec 05, 2013 7:01 am
are you using a unique CN for the new key?
Michael.
-
by sp1dergeek » Fri Dec 06, 2013 4:54 pm
maikcat wrote: are you using a unique CN for the new key?
Yes
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
-
Contact:
Post
by maikcat » Mon Dec 09, 2013 7:24 am
I'm trying to create a new key for a client, with the same name as a previous one
I somehow missed that part...
What are you trying to do?
If the db file is not updated then there is only one cert named john.
Michael.
-
by sp1dergeek » Mon Dec 09, 2013 4:34 pm
I'm trying to make sure that the old user is completely gone, so that I can reuse the name.
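
Added example, not written by anyone in this thread and not part of Easy-RSA: a read-only shell check that ties the two errors from the first post to the CA database files in the keys directory. It assumes the easy-rsa 2.x layout visible in the listing above (index.txt, index.txt.attr, SERIAL.pem, NAME.crt); the function names and the sample directory are constructed for illustration.

```shell
# Added example: read-only checks on an easy-rsa 2.x keys directory.
# index.txt is the OpenSSL CA database, one tab-separated row per certificate:
#   status (V/R/E), expiry, revocation date, serial, filename, subject DN

# valid_serials KEYS_DIR CN: print the serial of every still-valid row for CN.
# (Simplification: assumes no "/" inside DN attribute values.)
valid_serials() {
    awk -F'\t' -v cn="$2" '
        $1 == "V" {
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (rdn[i] == "CN=" cn) print $4
        }' "$1/index.txt"
}

# check_name KEYS_DIR CN: print one line per finding, nothing if the name is free.
check_name() {
    dir=$1; cn=$2
    serials=$(valid_serials "$dir" "$cn" | tr '\n' ' ')
    # unique_subject defaults to yes; only an explicit "no" allows duplicates.
    if [ -n "$serials" ] &&
       ! grep -q '^unique_subject *= *no' "$dir/index.txt.attr" 2>/dev/null; then
        echo "CLASH: CN=$cn still valid in index.txt (serial ${serials% }); signing it again gives TXT_DB error number 2"
    fi
    # A zero-byte NAME.crt (like the .crt in the listing) cannot be parsed as PEM.
    if [ -e "$dir/$cn.crt" ] && [ ! -s "$dir/$cn.crt" ]; then
        echo "EMPTY: $cn.crt is zero bytes, so there is no PEM start line to load"
    fi
    # openssl ca also stores each issued certificate as SERIAL.pem.
    for s in $serials; do
        if [ -s "$dir/$s.pem" ]; then
            echo "COPY: $s.pem is the stored certificate for serial $s"
        fi
    done
}

# demo [CN]: run the checks on a constructed keys directory (not the poster's data).
demo() {
    d=$(mktemp -d)
    printf 'V\t231201145200Z\t\t02\tunknown\t/C=US/O=Example/CN=server\n' > "$d/index.txt"
    printf 'V\t231201152100Z\t\t03\tunknown\t/C=US/O=Example/CN=john\n' >> "$d/index.txt"
    printf 'R\t231201190000Z\t131203104700Z\t04\tunknown\t/C=US/O=Example/CN=old\n' >> "$d/index.txt"
    echo 'unique_subject = yes' > "$d/index.txt.attr"
    echo 'constructed placeholder, not a real certificate' > "$d/03.pem"
    : > "$d/john.crt"
    check_name "$d" "${1:-john}"
    rm -rf "$d"
}
demo
```

A name whose only rows are marked R (revoked) produces no output, which is the state in which the same subject can be signed again.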