build-key-server: "Ignoring -days; not generating a certificate"

Support forum for Easy-RSA certificate management suite.
Post Reply
maxburn
OpenVPN User
Posts: 38
Joined: Mon Dec 12, 2016 6:07 pm

build-key-server: "Ignoring -days; not generating a certificate"

Post by maxburn » Mon Jul 13, 2020 7:05 pm

I've duplicated this twice now by uninstalling and reinstalling OpenVPN with EasyRSA, what could be wrong?

C:\Program Files\OpenVPN\easy-rsa>build-key-server server
Ignoring -days; not generating a certificate

This is using; openvpn-install-2.4.9-I601-Win10

Code: Select all

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\windows\system32>cd C:\Program Files\OpenVPN\easy-rsa

C:\Program Files\OpenVPN\easy-rsa>init-config

C:\Program Files\OpenVPN\easy-rsa>copy vars.bat.sample vars.bat
        1 file(s) copied.

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>clean-all
        1 file(s) copied.
        1 file(s) copied.

C:\Program Files\OpenVPN\easy-rsa>build-ca
Generating a RSA private key
.........................................++++
............................................................++++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [it@.com]:

C:\Program Files\OpenVPN\easy-rsa>build-key-server server
Ignoring -days; not generating a certificate
Generating a RSA private key
.............................++++
.....................................................................................++++
writing new private key to 'keys\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:

maxburn
OpenVPN User
Posts: 38
Joined: Mon Dec 12, 2016 6:07 pm

Re: build-key-server: "Ignoring -days; not generating a certificate"

Post by maxburn » Mon Jul 13, 2020 7:33 pm

I downgraded to openvpn-install-2.4.8-I602-Win10 and now that command doesn't throw that error and I can complete my new server.

Looks like a bug in 2.4.9 to me?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7584
Joined: Fri Jun 03, 2016 1:17 pm

Re: build-key-server: "Ignoring -days; not generating a certificate"

Post by TinCanTech » Mon Jul 13, 2020 7:44 pm

maxburn wrote:
Mon Jul 13, 2020 7:33 pm
Looks like a bug in 2.4.9 to me?
If you are sure it is not user error then you should report the bug to the maintainer.

viewtopic.php?f=30&t=22603#p79634

maxburn
OpenVPN User
Posts: 38
Joined: Mon Dec 12, 2016 6:07 pm

Re: build-key-server: "Ignoring -days; not generating a certificate"

Post by maxburn » Mon Jul 13, 2020 8:08 pm

TinCanTech wrote:
Mon Jul 13, 2020 7:44 pm
If you are sure it is not user error then you should report the bug to the maintainer.

viewtopic.php?f=30&t=22603#p79634
I don't see a maintainer mentioned on that thread and that thread tells me to post it on this sub forum here??

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7584
Joined: Fri Jun 03, 2016 1:17 pm

Re: build-key-server: "Ignoring -days; not generating a certificate"

Post by TinCanTech » Mon Jul 13, 2020 10:37 pm

I believe this is where it lives:
https://github.com/OpenVPN/easy-rsa-old

The link was to encourage you to upgrade (again).

maxburn
OpenVPN User
Posts: 38
Joined: Mon Dec 12, 2016 6:07 pm

Re: build-key-server: "Ignoring -days; not generating a certificate"

Post by maxburn » Tue Jul 14, 2020 11:05 am

I think we are talking past each other or maybe I wasn't clear in OP. This was a new azure server and I've never installed EasyRSA on it's own, I'm using the OpenVPN installation option to install "EasyRSA 2 Certificate Management Scripts" so I've got no idea if this problem is with the bundled OpenVPN version or the upstream EasyRSA, which version is bundled etc. This worked under the previous version of OpenVPN, I've now got the server up and running so that's why I posted it here. You can also see from the terminal I posted I'm following the "howto" article on generating keys, nothing radical.

The OS is Windows server 2016 version 1607 build 14393.3750.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7584
Joined: Fri Jun 03, 2016 1:17 pm

Re: build-key-server: "Ignoring -days; not generating a certificate"

Post by TinCanTech » Tue Jul 14, 2020 11:18 am

I have no idea why you get the message: "Ignoring -days; not generating a certificate"

You can follow up which ever way suits you best.

300000
OpenVPN Super User
Posts: 215
Joined: Tue May 01, 2012 9:30 pm

Re: build-key-server: "Ignoring -days; not generating a certificate"

Post by 300000 » Tue Jul 14, 2020 12:58 pm

maxburn wrote:
Tue Jul 14, 2020 11:05 am
I think we are talking past each other or maybe I wasn't clear in OP. This was a new azure server and I've never installed EasyRSA on it's own, I'm using the OpenVPN installation option to install "EasyRSA 2 Certificate Management Scripts" so I've got no idea if this problem is with the bundled OpenVPN version or the upstream EasyRSA, which version is bundled etc. This worked under the previous version of OpenVPN, I've now got the server up and running so that's why I posted it here. You can also see from the terminal I posted I'm following the "howto" article on generating keys, nothing radical.

The OS is Windows server 2016 version 1607 build 14393.3750.
You can use windows certificate or XCA to generate certificates and management user more easily . Both work very well and if there is more than 100 peoples you will have big headache to distribute and management user certificate.

Post Reply