Please correct build-dh.bat

This is where we can discuss what we would like to see added or changed in OpenVPN.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
alex.limbeck
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 28, 2017 2:24 pm

Please correct build-dh.bat

Post by alex.limbeck » Fri Jul 28, 2017 2:34 pm

I just downloaded the last openvpn-install-2.3.17-I001-i686.exe (for Windows XP)

I am following this guide:
https://openvpn.net/index.php/open-sour ... o.html#pki

But when I start build-dh.bat I obtain this warning:
WARNING: can't open config file: /etc/ssl/openssl.cnf

I found the solution is to set OPENSSL_CONF with this command:
set OPENSSL_CONF=%HOME%\openssl-1.0.0.cnf

Can You please update the build-dh.bat file ?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Please correct build-dh.bat

Post by TinCanTech » Fri Jul 28, 2017 2:39 pm


alex.limbeck
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 28, 2017 2:24 pm

Re: Please correct build-dh.bat

Post by alex.limbeck » Mon Jul 31, 2017 10:36 am

I am now using EasyRSA-3.0.1-rc2, but I see the same warning:

openssl dhparam -out %KEY_DIR%/dh%KEY_SIZE%.pem %KEY_SIZE%
WARNING: can't open config file: /etc/ssl/openssl.cnf

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Please correct build-dh.bat

Post by TinCanTech » Mon Jul 31, 2017 12:15 pm

That problem is hard coded into openssl.exe

You can copy the file ..\openvpn\easy-rsa\openssl-1.0.0.cnf to \etc\ssl\openssl.cnf

I doubt it will ever be fixed in that version of openssl ..

ArmandoB
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 15, 2017 12:55 pm

Re: Please correct build-dh.bat

Post by ArmandoB » Fri Nov 17, 2017 12:20 pm

TinCanTech wrote:
Mon Jul 31, 2017 12:15 pm
That problem is hard coded into openssl.exe

You can copy the file ..\openvpn\easy-rsa\openssl-1.0.0.cnf to \etc\ssl\openssl.cnf

I doubt it will ever be fixed in that version of openssl ..
Fair enough, I'm still having the issue so I gues it wil never get fixed. :(

Post Reply