[Solved] openssl.cnf not found in easy-rsa/2.0

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
artgenos
OpenVpn Newbie
Posts: 6
Joined: Thu Sep 15, 2011 6:17 pm

[Solved] openssl.cnf not found in easy-rsa/2.0

Post by artgenos » Thu Sep 15, 2011 6:33 pm

I am running CentOS 6 x64 and trying to load openvpn. I tried to follow the How-to but all it says is to go to easy-rsa and run ......
Problem is when I go to easy-rsa there are 3 directories; 1.0, 2.0 and windows. Since this is a linux box i don't need windows and since it is version 2.x of openvpn i go to the 2.0 directory and there is no openssl.cnf file located there so build-ca does not work. Which step is missing or did I miss something in the documentation?

thanks

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: openssl.cnf not found in easy-rsa/2.0

Post by janjust » Thu Sep 15, 2011 9:18 pm

which version of openvpn are you using?

the centos6 epel version is 2.1.4, which includes easy-rsa/2.0/openssl.cnf

the source tarball of openvpn 2.2.1 includes easy-rsa/2.0/openssl-1.0.0.cnf, which is automatically selected when sourcing the 'vars' file (or actually, when running the 'whichopensslcnf' command)

artgenos
OpenVpn Newbie
Posts: 6
Joined: Thu Sep 15, 2011 6:17 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by artgenos » Thu Sep 15, 2011 11:58 pm

I am using the 2.2.1 tar ball. built a rpm out of it like the how to said.

When I run vars or whichopensslcnf I get "No openssl.cnf file could be found. Further invocations will fail."

I have pulled down the tar.gz file 3x and every time it is the same thing.

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: openssl.cnf not found in easy-rsa/2.0

Post by janjust » Fri Sep 16, 2011 8:00 am

but is the file 'openssl-1.0.0.cnf' listed? update your 'vars' file to point to it directly.

I've just built an 2.2.1 RPM from the spec file and ALL files from the easy-rsa directories are included.

artgenos
OpenVpn Newbie
Posts: 6
Joined: Thu Sep 15, 2011 6:17 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by artgenos » Fri Sep 16, 2011 11:12 am

that is the problem. there is no openssl.cnf or openssl-1.0.0.cnf file listed in easy-rsa/2.0

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: openssl.cnf not found in easy-rsa/2.0

Post by janjust » Fri Sep 16, 2011 11:16 am

I just did

Code: Select all

$ rpmbuild -tb openvpn-2.2.1.tar.gz
[....]
$ rpm -qlp .../RPMS/x86_64/openvpn-2.2.1-1.x86_64.rpm | grep openssl
/usr/share/doc/openvpn-2.2.1/easy-rsa/1.0/openssl.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-0.9.6.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-0.9.8.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-1.0.0.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-1.0.0.cnf-old-copy
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/openssl-0.9.6.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/openssl-1.0.0.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/whichopensslcnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/whichopensslcnf
what do you get out of your RPM build?

artgenos
OpenVpn Newbie
Posts: 6
Joined: Thu Sep 15, 2011 6:17 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by artgenos » Fri Sep 16, 2011 12:03 pm

Ok, I have rebuilt it and I get those files. But this is what happens after I edit vars

Code: Select all

. ./vars 
**************************************************************
  No /etc/openvpn/easy-rsa/2.0/openssl.cnf file could be found
  Further invocations will fail
**************************************************************
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: openssl.cnf not found in easy-rsa/2.0

Post by janjust » Fri Sep 16, 2011 12:13 pm

you first need to copy over the existing easy-rsa files to the /etc directory:

Code: Select all

$ mkdir -p /etc/openvpn/easy-rsa
$ cd /etc/openvpn/easy-rsa
$ cp -a /usr/share/doc/openvpn-2.2.1/easy-rsa/2.0 .
etc. the RPM does not install any files in /etc/openvpn.

artgenos
OpenVpn Newbie
Posts: 6
Joined: Thu Sep 15, 2011 6:17 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by artgenos » Fri Sep 16, 2011 12:35 pm

I have done that and am running it there.

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: openssl.cnf not found in easy-rsa/2.0

Post by janjust » Fri Sep 16, 2011 1:52 pm

I wonder why 'whichopensslcnf' does not return the right value. You can work around it by setting the full path in your 'vars' file like this:

Code: Select all

export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
provided that that file does exist now, of course.

artgenos
OpenVpn Newbie
Posts: 6
Joined: Thu Sep 15, 2011 6:17 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by artgenos » Fri Sep 16, 2011 3:08 pm

Thanks for the help. It worked this time around.

evlogi
OpenVpn Newbie
Posts: 1
Joined: Mon Nov 21, 2011 6:57 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by evlogi » Mon Nov 21, 2011 7:04 pm

......

User avatar
b74ck5t4r
OpenVpn Newbie
Posts: 1
Joined: Sun May 27, 2012 2:03 am

Re: openssl.cnf not found in easy-rsa/2.0

Post by b74ck5t4r » Sun May 27, 2012 2:08 am

deleted

mboada
OpenVpn Newbie
Posts: 1
Joined: Tue Feb 03, 2015 9:19 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by mboada » Tue Feb 03, 2015 9:22 pm

Hello,

You can solve the problem installing openssl . Then , 'whichopensslcnf' will return the correct value without any changes.

I hope it helps

Miquel Boada

JustSmurfy
OpenVpn Newbie
Posts: 1
Joined: Sun Nov 10, 2019 8:31 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by JustSmurfy » Sun Nov 10, 2019 8:33 pm

This was driving me mad and the fix was fairly simple

Code: Select all

cd /etc/openvpn/easy-rsa
ln -s openssl-1.0.0.cnf openssl.cnf
Soruce: https://unix.stackexchange.com/a/103603/229547

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl.cnf not found in easy-rsa/2.0

Post by TinCanTech » Sun Nov 10, 2019 8:42 pm

If are just starting with Easyrsa2, we recommend you move to Easyrsa3

https://github.com/OpenVPN/easy-rsa/releases

If you already have a full PKI under Easyrsa2, there will soon be an upgrade path to Easyrsa3.

Post Reply