./build-ca error

Posted: Mon Apr 27, 2020 8:45 am
by gattaca
Hi specialist, I'm a new learner. When I use EasyRSA-3.0.7 to build-ca on my Windows Server 2012 R2, it is not working and some errors happened. Please help me solve this problem. Thanks

My cmd commands are below:

Code:

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki



EasyRSA Shell
# ./easyrsa build-ca
Using SSL: openssl OpenSSL 1.1.0j  20 Nov 2018
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-3900.a04956/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA763.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA763.tmp
fd = 3
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-3900.a04956/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA7C1.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA7C1.tmp
fd = 3
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-3900.a04956/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA83E.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA83E.tmp
fd = 3

Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
Extra arguments given.
genrsa: Use -help for summary.

Easy-RSA error:

Failed create CA private key


Re: ./build-ca error

Posted: Mon Apr 27, 2020 11:19 am
by TinCanTech
See:

Code:

./easyrsa help

Re: ./build-ca error

Posted: Tue Apr 28, 2020 5:53 am
by gattaca
Here is the result. What shall I do next?

Code:

EasyRSA Shell
# ./easyrsa help

Easy-RSA 3 usage and overview

USAGE: easyrsa [options] COMMAND [command-options]

A list of commands is shown below. To get detailed usage and help for a
command, run:
  ./easyrsa help COMMAND

For a listing of options that can be supplied before the command, use:
  ./easyrsa help options

Here is the list of commands available with a short syntax reminder. Use the
'help' command above to get full usage details.

  init-pki
  build-ca [ cmd-opts ]
  gen-dh
  gen-req <filename_base> [ cmd-opts ]
  sign-req <type> <filename_base>
  build-client-full <filename_base> [ cmd-opts ]
  build-server-full <filename_base> [ cmd-opts ]
  revoke <filename_base> [cmd-opts]
  renew <filename_base> [cmd-opts]
  build-serverClient-full <filename_base> [ cmd-opts ]
  gen-crl
  update-db
  show-req <filename_base> [ cmd-opts ]
  show-cert <filename_base> [ cmd-opts ]
  show-ca [ cmd-opts ]
  import-req <request_file_path> <short_basename>
  export-p7 <filename_base> [ cmd-opts ]
  export-p12 <filename_base> [ cmd-opts ]
  set-rsa-pass <filename_base> [ cmd-opts ]
  set-ec-pass <filename_base> [ cmd-opts ]
  upgrade <type>

DIRECTORY STATUS (commands would take effect on these locations)
  EASYRSA: .
      PKI: C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki


Re: ./build-ca error

Posted: Tue Apr 28, 2020 11:19 am
by TinCanTech
gattaca wrote:
Tue Apr 28, 2020 5:53 am
what shall I do next?

Read help ... :roll:

Re: ./build-ca error

Posted: Wed Apr 29, 2020 6:24 am
by gattaca
Hi specialist, by your suggestion, I have read the help many times and I noticed that I can use [./easyrsa build-ca nopass] to create a non-encrypted CA

Code:

# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.0j  20 Nov 2018
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-884.a03632/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE331.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE331.tmp
fd = 3
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-884.a03632/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE3BE.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE3BE.tmp
fd = 3
Generating RSA private key, 2048 bit long modulus
...............................................................................................................
..................................+++++
...............................................................................................................
........................+++++
e is 65537 (0x010001)
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-884.a03632/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE739.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE739.tmp
fd = 3
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:Gattaca

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/ca.crt

It seems to be working! But I'm still confused about encrypted CA, no matter what phrase I input, it always reports errors… What's wrong with it :?:
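
Added example, not part of the original thread and not EasyRSA's own code: a CA built with `nopass` has a private key stored without passphrase protection, and this check reports whether a PEM key file is encrypted. The function name `key_protection` and the sample files are constructed for illustration; on a real PKI the file to check is `private/ca.key` under the PKI directory (the standard EasyRSA 3 layout, which the thread itself does not show).

```shell
#!/bin/sh
# Report whether a PEM private key file is passphrase-protected.
# Prints one of: encrypted | unencrypted | unknown | unreadable
key_protection() {
    key_file=$1
    if [ ! -r "$key_file" ]; then
        echo unreadable
    # PKCS#8 encrypted container
    elif grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key_file"; then
        echo encrypted
    # Traditional PEM encryption header (key written with a cipher option)
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$key_file"; then
        echo encrypted
    # Plain PKCS#8, RSA or EC key with no encryption marker
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$key_file"; then
        echo unencrypted
    else
        echo unknown
    fi
}

# Constructed sample files: real PEM headers, placeholder bodies.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/nopass.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
(constructed placeholder body)
-----END RSA PRIVATE KEY-----
EOF

cat > "$SAMPLES/legacy-enc.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

(constructed placeholder body)
-----END RSA PRIVATE KEY-----
EOF

cat > "$SAMPLES/pkcs8-enc.key" <<'EOF'
-----BEGIN ENCRYPTED PRIVATE KEY-----
(constructed placeholder body)
-----END ENCRYPTED PRIVATE KEY-----
EOF

for f in nopass.key legacy-enc.key pkcs8-enc.key; do
    printf '%s: %s\n' "$f" "$(key_protection "$SAMPLES/$f")"
done
```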

Re: ./build-ca error

Posted: Wed Apr 29, 2020 12:34 pm
by TinCanTech
gattaca wrote:
Wed Apr 29, 2020 6:24 am
I'm still confused about encrypted CA, no matter what phrase I input, it always reports errors… What's wrong with it

You are correct, it seems there is a bug ..

Please report this to the EasyRSA maintainer. Please include the version of EasyRSA that you are using.

Re: ./build-ca error

Posted: Thu Apr 30, 2020 1:11 am
by gattaca
OK, thank you for helping!