Error setting openssl-1.1.0 does not find openssl.cnf

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
meper0312
OpenVpn Newbie
Posts: 1
Joined: Fri Jul 07, 2017 11:26 am

Error setting openssl-1.1.0 does not find openssl.cnf

Post by meper0312 » Fri Jul 07, 2017 12:09 pm

Good mornig
root@Juanjo:/etc/openvpn/easy-rsa# . ./vars
**************************************************************
No /etc/openvpn/easy-rsa/openssl.cnf file could be found
Further invocations will fail
**************************************************************
The problem has to be in the swhichopensslcnf script that does not have support for openssl-1.1.0
Easy-rsa has support for openssl-1.1.0?
ot@Juanjo:/etc/openvpn/easy-rsa# ls
build-ca build-key-server list-crl sign-req
build-dh build-req openssl-0.9.6.cnf vars
build-inter build-req-pass openssl-0.9.8.cnf whichopensslcnf
build-key clean-all openssl-1.0.0.cnf
build-key-pass inherit-inter pkitool
build-key-pkcs12 keys revoke-full

How can I solve this problem
please
Thank you

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Error setting openssl-1.1.0 does not find openssl.cnf

Post by TinCanTech » Fri Jul 07, 2017 2:55 pm

The simplest way is to use EasyRSA 3.0.1 :
https://github.com/OpenVPN/easy-rsa/releases

User avatar
NiMing8
OpenVpn Newbie
Posts: 19
Joined: Tue Jul 25, 2017 2:02 am

Re: Error setting openssl-1.1.0 does not find openssl.cnf

Post by NiMing8 » Sun Aug 20, 2017 9:56 am

Any other solutions to this?
Raspbian Debian Sketch build is broke with this issue and easy-rsa 3.0 is not available in their repository.
Thanks!

NTSI_MM
OpenVpn Newbie
Posts: 1
Joined: Wed Dec 27, 2017 2:46 pm

Re: Error setting openssl-1.1.0 does not find openssl.cnf

Post by NTSI_MM » Wed Dec 27, 2017 2:56 pm

The reason for this error can be found in the whichopensslcnf itself:
it interprets the output auf "openssl version". In current versions (like in Debian 9.3.0) it is V1.1.X so the output is like this:

Code: Select all

:~$ openssl version
OpenSSL 1.1.0f  25 May 2017
So simply do that and it will work:

Code: Select all

nano /etc/openvpn/easy-rsa/whichopensslcnf
Add the following lines:

Code: Select all

    elif $OPENSSL version | grep -E "1\.1\.[[:digit:]][[:alnum:]]?" > /dev/null$
        cnf="$1/openssl-1.0.0.cnf"
Then save.

Next time it will find it at least at my system.

I'm not too familiar with the code of "openssl-1.0.0.cnf" and currently cannot answer the question if the cnf is fully compatible with OpenSSL 1.1.X or if there better should be a "openssl-1.1.0.cnf". At least I couldn't figure out a problem yet if doing it like described above.

Kind regards

MM

Post Reply