[Solved] WARNING: can't open config file: /etc/ssl/openssl.cnf

Support forum for Easy-RSA certificate management suite.
Locked
bimmerdriver
OpenVPN Power User
Posts: 54
Joined: Thu Sep 08, 2016 7:56 pm

[Solved] WARNING: can't open config file: /etc/ssl/openssl.cnf

Post by bimmerdriver » Sun Sep 18, 2016 9:03 pm

I'm trying to set up a server on a Windows 10 pc for testing. I'm stuck on the step of creating keys. I downloaded the latest version of openvpn and easyrsa. I'm following the instructions on https://openvpn.net/index.php/open-sour ... o.html#pki. I'm getting the error
C:\Program Files\OpenVPN\easy-rsa>build-ca
WARNING: can't open config file: /etc/ssl/openssl.cnf
I searched about this. It seems to be a long-standing problem. One recommended fix was to set an environment variable pointing to the openssl config file. That did not work. For some reason, the variable is not expanding properly. Maybe this is an issue due a difference between Windows 10 and previous versions of Windows.

Is there a fix or work-around for this?

bimmerdriver
OpenVPN Power User
Posts: 54
Joined: Thu Sep 08, 2016 7:56 pm

Re: WARNING: can't open config file: /etc/ssl/openssl.cnf

Post by bimmerdriver » Sun Sep 18, 2016 10:26 pm

I downloaded and installed easyrsa 3.0.1 to see if it would address this issue, but I can't get the eashrsa-start.bat batch file to run.
C:\Program Files\OpenVPN\EasyRSA-3.0.1>EasyRSA-Start.bat
'bin\sh.exe' is not recognized as an internal or external command, operable program or batch file.
The readme implies that a shell execution environment is included with the installation, but I don't see it anywhere. I must be missing something.

Has anyone got this working?

bimmerdriver
OpenVPN Power User
Posts: 54
Joined: Thu Sep 08, 2016 7:56 pm

Re: WARNING: can't open config file: /etc/ssl/openssl.cnf

Post by bimmerdriver » Sun Sep 18, 2016 10:47 pm

Here's the latest in this saga: https://github.com/OpenVPN/easy-rsa/issues/79. Apparently sh.exe and other related executables were NOT included in the distribution and this has been known since October 2015?!?!?!? Take a moment to read the comments. Honestly, I can't believe the attitude of people and I find it hard to believe this hasn't been addressed almost a year after the fact. I downloaded 3.0.0-rc2 and copied the files from it. So far so good. I realize this is an open source project, but it's astonishing to see the lack of motivation.

bimmerdriver
OpenVPN Power User
Posts: 54
Joined: Thu Sep 08, 2016 7:56 pm

Re: WARNING: can't open config file: /etc/ssl/openssl.cnf

Post by bimmerdriver » Sun Sep 18, 2016 11:38 pm

That didn't work. The latest release is broken, even with the entire bin folder from 3.0.0-rc2 copied in. I encountered more errors and found viewtopic.php?f=31&t=21277 when I searched for the errors.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2995
Joined: Fri Jun 03, 2016 1:17 pm

Re: WARNING: can't open config file: /etc/ssl/openssl.cnf

Post by TinCanTech » Mon Sep 19, 2016 12:54 pm


bimmerdriver
OpenVPN Power User
Posts: 54
Joined: Thu Sep 08, 2016 7:56 pm

Re: WARNING: can't open config file: /etc/ssl/openssl.cnf

Post by bimmerdriver » Mon Sep 19, 2016 5:30 pm

Thank you for the reply. I was able to generate the files when I downloaded v3.0.0-rc2. I searched in the bug database for easyrsa and crypto. Unless I missed something, there appear to be no bug reports regarding this issue. At the very least, the pki section of the howto should be updated to reflect this, but you would think that easyrsa would have been fixed after being broken for this long.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2995
Joined: Fri Jun 03, 2016 1:17 pm

Re: WARNING: can't open config file: /etc/ssl/openssl.cnf

Post by TinCanTech » Mon Sep 19, 2016 8:03 pm

bimmerdriver wrote:you would think that easyrsa would have been fixed after being broken for this long
The maintainer has been reminded- :mrgreen: -But you have solved your problem.

bimmerdriver
OpenVPN Power User
Posts: 54
Joined: Thu Sep 08, 2016 7:56 pm

Re: WARNING: can't open config file: /etc/ssl/openssl.cnf

Post by bimmerdriver » Tue Sep 20, 2016 2:34 am

TinCanTech wrote:
bimmerdriver wrote:you would think that easyrsa would have been fixed after being broken for this long
The maintainer has been reminded- :mrgreen: -But you have solved your problem.
Yes, that's true, but it doesn't reflect well on openvpn for a fundamental component to be broken (not just the component, but the wiki).

Locked