Support forum for Easy-RSA certificate management suite.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
maxburn
- OpenVPN Power User
- Posts: 65
- Joined: Mon Dec 12, 2016 6:07 pm
Post
by maxburn » Mon Jul 13, 2020 7:05 pm
I've duplicated this twice now by uninstalling and reinstalling OpenVPN with EasyRSA, what could be wrong?
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
Ignoring -days; not generating a certificate
This is using; openvpn-install-2.4.9-I601-Win10
Code: Select all
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\windows\system32>cd C:\Program Files\OpenVPN\easy-rsa
C:\Program Files\OpenVPN\easy-rsa>init-config
C:\Program Files\OpenVPN\easy-rsa>copy vars.bat.sample vars.bat
1 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>clean-all
1 file(s) copied.
1 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa>build-ca
Generating a RSA private key
.........................................++++
............................................................++++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [it@.com]:
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
Ignoring -days; not generating a certificate
Generating a RSA private key
.............................++++
.....................................................................................++++
writing new private key to 'keys\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
-
maxburn
- OpenVPN Power User
- Posts: 65
- Joined: Mon Dec 12, 2016 6:07 pm
Post
by maxburn » Mon Jul 13, 2020 7:33 pm
I downgraded to openvpn-install-2.4.8-I602-Win10 and now that command doesn't throw that error and I can complete my new server.
Looks like a bug in 2.4.9 to me?
-
maxburn
- OpenVPN Power User
- Posts: 65
- Joined: Mon Dec 12, 2016 6:07 pm
Post
by maxburn » Mon Jul 13, 2020 8:08 pm
I don't see a maintainer mentioned on that thread and that thread tells me to post it on this sub forum here??
-
maxburn
- OpenVPN Power User
- Posts: 65
- Joined: Mon Dec 12, 2016 6:07 pm
Post
by maxburn » Tue Jul 14, 2020 11:05 am
I think we are talking past each other or maybe I wasn't clear in OP. This was a new azure server and I've never installed EasyRSA on it's own, I'm using the OpenVPN installation option to install "EasyRSA 2 Certificate Management Scripts" so I've got no idea if this problem is with the bundled OpenVPN version or the upstream EasyRSA, which version is bundled etc. This worked under the previous version of OpenVPN, I've now got the server up and running so that's why I posted it here. You can also see from the terminal I posted I'm following the "howto" article on generating keys, nothing radical.
The OS is Windows server 2016 version 1607 build 14393.3750.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Tue Jul 14, 2020 11:18 am
I have no idea why you get the message: "Ignoring -days; not generating a certificate"
You can follow up which ever way suits you best.
-
300000
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Post
by 300000 » Tue Jul 14, 2020 12:58 pm
maxburn wrote: ↑Tue Jul 14, 2020 11:05 am
I think we are talking past each other or maybe I wasn't clear in OP. This was a new azure server and I've never installed EasyRSA on it's own, I'm using the OpenVPN installation option to install "EasyRSA 2 Certificate Management Scripts" so I've got no idea if this problem is with the bundled OpenVPN version or the upstream EasyRSA, which version is bundled etc. This worked under the previous version of OpenVPN, I've now got the server up and running so that's why I posted it here. You can also see from the terminal I posted I'm following the "howto" article on generating keys, nothing radical.
The OS is Windows server 2016 version 1607 build 14393.3750.
You can use windows certificate or XCA to generate certificates and management user more easily . Both work very well and if there is more than 100 peoples you will have big headache to distribute and management user certificate.