easyrsa sign-req

Support forum for Easy-RSA certificate management suite.
Post Reply
backspin
OpenVpn Newbie
Posts: 1
Joined: Sun Aug 27, 2017 4:37 pm

easyrsa sign-req

Post by backspin » Sun Aug 27, 2017 4:46 pm

Hello,

I'm having difficulty figuring out how to have easyrsa create a signed certificate for my private key.

I've run the following commands

./easyrsa init-pki
./easyrsa gen-req myclient

However the next step should be to create a certificate .crt for the .key that was created, but I'm not understanding the instructions on how to do so.

This is the example given.
./easyrsa sign client UNIQUE_SHORT_FILE_NAME

But this is the error when I try to run it.

-----------------------------------------------------------------------------------------
root@lede:/etc/openvpn# /usr/sbin/easyrsa sign-req client myclient

Easy-RSA error:

Unknown cert type 'client'
----------------------------------------------------------------------------------------

Any ideas of what I could be doing wrong?

*EDIT*

I'm creating client keys for my OpenWrt router to connect, AS A CLIENT, to a OpenVPN server. I've been trying to use these instructions. https://community.openvpn.net/openvpn/w ... nVPN-Howto

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2818
Joined: Fri Jun 03, 2016 1:17 pm

Re: easyrsa sign-req

Post by TinCanTech » Mon Aug 28, 2017 1:23 pm

backspin wrote:This is the example given.
./easyrsa sign client UNIQUE_SHORT_FILE_NAME
That is a documentation error because the correct command is:

Code: Select all

./easyrsa sign-req client UNIQUE_SHORT_FILE_NAME
Now corrected.

I expect you are using an older version of easyrsa3.

Also, there is a bug related to what you are seeing:
https://github.com/OpenVPN/easy-rsa/issues/145

Post Reply