Generating certificates for new clients
Posted: Mon Aug 22, 2016 3:34 pm
Hello,
I installed OpenVPN on a Ubuntu machine, and generated certificates to allow another Linux client to connect. Verified it's working, and the client is forced to use the VPN tunnel.
In the example I followed, the server certs (including the DH pem file) were moved to /etc/openvpn. Client certs were moved elsewhere.
Now that it's working I'd like to generate certificates to allow me to add additional clients. I tried this by going to /etc/openvpn/easy-rsa and running 'build-key clientname'. I received a message about needing to source vars and .clean-all first. So I ran these commands (knowing that the certificates in the keys folder had already been moved out). Then I tried to generate the client certs again. This time I received a message about missing the CA certs and the private key. I then moved ca.* & dh1024.pem back over to the keys folder and tried again. Now I get a message "Unable to load CA Private Key 140431349081752:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
Keys are still generating, but I'm guessing they're not valid. In order to generate additional client keys, do I need to re-generate server cert, CAs, and DH Keys? Or am I missing something else?
Thank you!
-bk
I installed OpenVPN on a Ubuntu machine, and generated certificates to allow another Linux client to connect. Verified it's working, and the client is forced to use the VPN tunnel.
In the example I followed, the server certs (including the DH pem file) were moved to /etc/openvpn. Client certs were moved elsewhere.
Now that it's working I'd like to generate certificates to allow me to add additional clients. I tried this by going to /etc/openvpn/easy-rsa and running 'build-key clientname'. I received a message about needing to source vars and .clean-all first. So I ran these commands (knowing that the certificates in the keys folder had already been moved out). Then I tried to generate the client certs again. This time I received a message about missing the CA certs and the private key. I then moved ca.* & dh1024.pem back over to the keys folder and tried again. Now I get a message "Unable to load CA Private Key 140431349081752:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
Keys are still generating, but I'm guessing they're not valid. In order to generate additional client keys, do I need to re-generate server cert, CAs, and DH Keys? Or am I missing something else?
Thank you!
-bk