OpenVPN Support Forum

I'm trying to set up a server on a Windows 10 pc for testing. I'm stuck on the step of creating keys. I downloaded the latest version of openvpn and easyrsa. I'm following the instructions on https://openvpn.net/index.php/open-sour ... o.html#pki. I'm getting the error

C:\Program Files\OpenVPN\easy-rsa>build-ca
WARNING: can't open config file: /etc/ssl/openssl.cnf

I searched about this. It seems to be a long-standing problem. One recommended fix was to set an environment variable pointing to the openssl config file. That did not work. For some reason, the variable is not expanding properly. Maybe this is an issue due a difference between Windows 10 and previous versions of Windows.

Is there a fix or work-around for this?

I downloaded and installed easyrsa 3.0.1 to see if it would address this issue, but I can't get the eashrsa-start.bat batch file to run.

C:\Program Files\OpenVPN\EasyRSA-3.0.1>EasyRSA-Start.bat
'bin\sh.exe' is not recognized as an internal or external command, operable program or batch file.

The readme implies that a shell execution environment is included with the installation, but I don't see it anywhere. I must be missing something.

Has anyone got this working?

Here's the latest in this saga: https://github.com/OpenVPN/easy-rsa/issues/79. Apparently sh.exe and other related executables were NOT included in the distribution and this has been known since October 2015?!?!?!? Take a moment to read the comments. Honestly, I can't believe the attitude of people and I find it hard to believe this hasn't been addressed almost a year after the fact. I downloaded 3.0.0-rc2 and copied the files from it. So far so good. I realize this is an open source project, but it's astonishing to see the lack of motivation.

That didn't work. The latest release is broken, even with the entire bin folder from 3.0.0-rc2 copied in. I encountered more errors and found viewtopic.php?f=31&t=21277 when I searched for the errors.

This has all the required files:
https://github.com/OpenVPN/easy-rsa/rel ... v3.0.0-rc2

Thank you for the reply. I was able to generate the files when I downloaded v3.0.0-rc2. I searched in the bug database for easyrsa and crypto. Unless I missed something, there appear to be no bug reports regarding this issue. At the very least, the pki section of the howto should be updated to reflect this, but you would think that easyrsa would have been fixed after being broken for this long.

bimmerdriver wrote:you would think that easyrsa would have been fixed after being broken for this long

The maintainer has been reminded- -But you have solved your problem.

TinCanTech wrote:

bimmerdriver wrote:you would think that easyrsa would have been fixed after being broken for this long

The maintainer has been reminded- -But you have solved your problem.

Yes, that's true, but it doesn't reflect well on openvpn for a fundamental component to be broken (not just the component, but the wiki).