My main issue is that when it came to build-dh, where it had taken 10+ minutes and a lot of lines on the *buntu side of things, it took 2 minutes and 10 lines of the -------+------ animation (which I assume is the process picking primes) until it claims it was finished.
Both were generated on the same machine (dual-boot) with a 2048 bit long safe prime.
No other errors except "WARNING: can't open config file: /etc/ssl/openssl.cnf"
Considering the huge disparity in the time taken and prime indications, did it even generate a secure enough DH?
Code: Select all
C:\Program Files\OpenVPN\easy-rsa>build-key-pass xxxx
WARNING: can't open config file: /etc/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
...............................+++
.................................+++
writing new private key to 'keys\xxxx.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [xx]:
Locality Name (eg, city) [xxxx]:
Organization Name (eg, company) [Personal]:
Organizational Unit Name (eg, section) [Remote]:
Common Name (eg, your name or your server's hostname) [LAT]:xxxx
Name [Lat]:xxxxx
Email Address [xxxx]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xxxxxxxx
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'xx'
localityName :PRINTABLE:'xxxx'
organizationName :PRINTABLE:'Personal'
organizationalUnitName:PRINTABLE:'Remote'
commonName :PRINTABLE:'xxxx'
name :PRINTABLE:'xxxxx'
emailAddress :IA5STRING:'xxxxxxx'
Certificate is to be certified until Feb 27 16:05:31 2026 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
C:\Program Files\OpenVPN\easy-rsa>build-dh
WARNING: can't open config file: /etc/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.............................+..................................................
................................................................................
..............+.................+..........................................+....
............................................................+...................
.....................................+..............................+...........
...................+............................................................
..........................................+.....................................
..........................+.....................................................
................................................................................
................................................................................
................................+...............................................
..........................+.........+.+.........................................
..................................................................++*++*
C:\Program Files\OpenVPN\easy-rsa>