Creating Certificates Using Easy RSA in Windows

Support forum for Easy-RSA certificate management suite.
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 03, 2019 8:54 am

Creating Certificates Using Easy RSA in Windows

Post by minofso » Mon Aug 19, 2019 8:16 pm

I have installed the latest version of OpenVPN 2.47 for Windows 7/8/8.1 on a W7 PC.
I am trying to create the certificates, but there is always an error with the 'Build-ca' command.
I am opening CMD as admin from the 'easy-rsa' directory and also editing the 'vars.bat' file with Notepad, also as admin.
After editing the 'set key' parameters at the bottom of the 'vars.bat' file and saving it, I run the commands
vars - clean-all - build-ca and am then left with these errors.

Here is a run-down of the commands used:

C:\Program Files\OpenVPN\easy-rsa>init-config

C:\Program Files\OpenVPN\easy-rsa>copy vars.bat.sample vars.bat
1 file(s) copied.

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>clean-all
1 file(s) copied.
1 file(s) copied.

C:\Program Files\OpenVPN\easy-rsa>build-ca
req: Error on line 139 of config file "openssl-1.0.0.cnf"
Generating a RSA private key
writing new private key to 'keys\ca.key'
unable to find 'distinguished_name' in config
problems making Certificate Request
2548:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or envi
ronment variable:crypto/conf/conf_lib.c:272:

C:\Program Files\OpenVPN\easy-rsa>

Here is a copy of the vars.bat sample:

@echo off
rem Edit this variable to point to
rem the openssl.cnf file included
rem with easy-rsa.

rem Automatically set PATH to openssl.exe
FOR /F "tokens=2*" %%a IN ('REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN"') DO set "PATH=%PATH%;%%b\bin"

rem Alternatively define the PATH to openssl.exe manually
rem set "PATH=%PATH%;C:\Program Files\OpenVPN\bin"

set HOME=%ProgramFiles%\OpenVPN\easy-rsa
set KEY_CONFIG=openssl-1.0.0.cnf

rem Edit this variable to point to
rem your soon-to-be-created key
rem directory.
rem WARNING: clean-all will do
rem a rm -rf on this directory
rem so make sure you define
rem it correctly!
set KEY_DIR=keys

rem Increase this if you
rem are paranoid. This will slow
rem down TLS negotiation performance
rem as well as the one-time DH parms
rem generation process.
set DH_KEY_SIZE=2048

rem Private key size
set KEY_SIZE=4096

rem These are the default values for fields
rem which will be placed in the certificate.
rem Change these to reflect your site.
rem Don't leave any of these parms blank.

set KEY_CITY=SanFrancisco
set KEY_EMAIL=mail@host.domain
set KEY_CN=changeme
set KEY_NAME=changeme
set KEY_OU=changeme
set PKCS11_MODULE_PATH=changeme
set PKCS11_PIN=1234

Can anyone please enlighten me on where these errors are coming from and how to rectify them?
Thanks in advance

OpenVPN Protagonist
Posts: 5917
Joined: Fri Jun 03, 2016 1:17 pm

Re: Creating Certificates Using Easy RSA in Windows

Post by TinCanTech » Mon Aug 19, 2019 8:27 pm
