Create CA Failure

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
keiros
OpenVpn Newbie
Posts: 2
Joined: Mon Jan 24, 2022 2:50 pm

Create CA Failure

Post by keiros » Mon Jan 24, 2022 3:04 pm

Hello I am on Ubuntu 18 and I am getting a failure to create a ca.

Here is the guide I am folowing: https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-a-certificate-authority-ca-on-ubuntu-20-04

It is virtually the same as their guide for ubuntu 18 which I have also tried.

Here is the error:


./easyrsa: 1: ./vars: /home/andrew/easy-rsa/vars: Permission denied

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 3.0.0-alpha10-dev (Library: OpenSSL 3.0.0-alpha10-dev )

Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
read EC key
unable to load Key
80E2714A297F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto/store/store_register.c:240:scheme=file
80E2714A297F0000:error:1E080020:DECODER routines:decoder_process:BIO lib:crypto/encode_decode/decoder_lib.c:572:
Could not read private key from /home/andrew/easy-rsa/pki/private/ca.key.VFvuEiV8Yk

Easy-RSA error:

Failed to build the CA

Then when I ran
chmod ugo+rwx /home/andrew/easy-rsa/vars

It just started hanging and doing nothing when I run build-ca.

Then it prints
/home/andrew/easy-rsa/vars: 9: set_var: not found

keiros
OpenVpn Newbie
Posts: 2
Joined: Mon Jan 24, 2022 2:50 pm

Re: Create CA Failure

Post by keiros » Mon Jan 24, 2022 3:13 pm

When I change my vars to use rsa instead of ec as the algo it succeeds. How can I get ec working?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Create CA Failure

Post by TinCanTech » Mon Jan 24, 2022 3:26 pm

keiros wrote:
Mon Jan 24, 2022 3:04 pm
Using SSL: openssl OpenSSL 3.0.0-alpha10-dev (Library: OpenSSL 3.0.0-alpha10-dev )
Ubuntu 20.04 does not ship with an ALPHA-DEV Version of OpenSSL 3

And Easy-RSA does not support it either. :lol:

Post Reply