[Solved] openssl.cnf not found in easy-rsa/2.0
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Sep 15, 2011 6:17 pm
[Solved] openssl.cnf not found in easy-rsa/2.0
I am running CentOS 6 x64 and trying to load openvpn. I tried to follow the How-to but all it says is to go to easy-rsa and run ......
Problem is when I go to easy-rsa there are 3 directories; 1.0, 2.0 and windows. Since this is a linux box i don't need windows and since it is version 2.x of openvpn i go to the 2.0 directory and there is no openssl.cnf file located there so build-ca does not work. Which step is missing or did I miss something in the documentation?
thanks
Problem is when I go to easy-rsa there are 3 directories; 1.0, 2.0 and windows. Since this is a linux box i don't need windows and since it is version 2.x of openvpn i go to the 2.0 directory and there is no openssl.cnf file located there so build-ca does not work. Which step is missing or did I miss something in the documentation?
thanks
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: openssl.cnf not found in easy-rsa/2.0
which version of openvpn are you using?
the centos6 epel version is 2.1.4, which includes easy-rsa/2.0/openssl.cnf
the source tarball of openvpn 2.2.1 includes easy-rsa/2.0/openssl-1.0.0.cnf, which is automatically selected when sourcing the 'vars' file (or actually, when running the 'whichopensslcnf' command)
the centos6 epel version is 2.1.4, which includes easy-rsa/2.0/openssl.cnf
the source tarball of openvpn 2.2.1 includes easy-rsa/2.0/openssl-1.0.0.cnf, which is automatically selected when sourcing the 'vars' file (or actually, when running the 'whichopensslcnf' command)
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Sep 15, 2011 6:17 pm
Re: openssl.cnf not found in easy-rsa/2.0
I am using the 2.2.1 tar ball. built a rpm out of it like the how to said.
When I run vars or whichopensslcnf I get "No openssl.cnf file could be found. Further invocations will fail."
I have pulled down the tar.gz file 3x and every time it is the same thing.
When I run vars or whichopensslcnf I get "No openssl.cnf file could be found. Further invocations will fail."
I have pulled down the tar.gz file 3x and every time it is the same thing.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: openssl.cnf not found in easy-rsa/2.0
but is the file 'openssl-1.0.0.cnf' listed? update your 'vars' file to point to it directly.
I've just built an 2.2.1 RPM from the spec file and ALL files from the easy-rsa directories are included.
I've just built an 2.2.1 RPM from the spec file and ALL files from the easy-rsa directories are included.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Sep 15, 2011 6:17 pm
Re: openssl.cnf not found in easy-rsa/2.0
that is the problem. there is no openssl.cnf or openssl-1.0.0.cnf file listed in easy-rsa/2.0
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: openssl.cnf not found in easy-rsa/2.0
I just did
what do you get out of your RPM build?
Code: Select all
$ rpmbuild -tb openvpn-2.2.1.tar.gz
[....]
$ rpm -qlp .../RPMS/x86_64/openvpn-2.2.1-1.x86_64.rpm | grep openssl
/usr/share/doc/openvpn-2.2.1/easy-rsa/1.0/openssl.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-0.9.6.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-0.9.8.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-1.0.0.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-1.0.0.cnf-old-copy
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/openssl-0.9.6.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/openssl-1.0.0.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/whichopensslcnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/whichopensslcnf
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Sep 15, 2011 6:17 pm
Re: openssl.cnf not found in easy-rsa/2.0
Ok, I have rebuilt it and I get those files. But this is what happens after I edit vars
Code: Select all
. ./vars
**************************************************************
No /etc/openvpn/easy-rsa/2.0/openssl.cnf file could be found
Further invocations will fail
**************************************************************
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: openssl.cnf not found in easy-rsa/2.0
you first need to copy over the existing easy-rsa files to the /etc directory:
etc. the RPM does not install any files in /etc/openvpn.
Code: Select all
$ mkdir -p /etc/openvpn/easy-rsa
$ cd /etc/openvpn/easy-rsa
$ cp -a /usr/share/doc/openvpn-2.2.1/easy-rsa/2.0 .
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Sep 15, 2011 6:17 pm
Re: openssl.cnf not found in easy-rsa/2.0
I have done that and am running it there.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: openssl.cnf not found in easy-rsa/2.0
I wonder why 'whichopensslcnf' does not return the right value. You can work around it by setting the full path in your 'vars' file like this:
provided that that file does exist now, of course.
Code: Select all
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Sep 15, 2011 6:17 pm
Re: openssl.cnf not found in easy-rsa/2.0
Thanks for the help. It worked this time around.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Nov 21, 2011 6:57 pm
- b74ck5t4r
- OpenVpn Newbie
- Posts: 1
- Joined: Sun May 27, 2012 2:03 am
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Feb 03, 2015 9:19 pm
Re: openssl.cnf not found in easy-rsa/2.0
Hello,
You can solve the problem installing openssl . Then , 'whichopensslcnf' will return the correct value without any changes.
I hope it helps
Miquel Boada
You can solve the problem installing openssl . Then , 'whichopensslcnf' will return the correct value without any changes.
I hope it helps
Miquel Boada
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Nov 10, 2019 8:31 pm
Re: openssl.cnf not found in easy-rsa/2.0
This was driving me mad and the fix was fairly simple
Soruce: https://unix.stackexchange.com/a/103603/229547
Code: Select all
cd /etc/openvpn/easy-rsa
ln -s openssl-1.0.0.cnf openssl.cnf
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: openssl.cnf not found in easy-rsa/2.0
If are just starting with Easyrsa2, we recommend you move to Easyrsa3
https://github.com/OpenVPN/easy-rsa/releases
If you already have a full PKI under Easyrsa2, there will soon be an upgrade path to Easyrsa3.
https://github.com/OpenVPN/easy-rsa/releases
If you already have a full PKI under Easyrsa2, there will soon be an upgrade path to Easyrsa3.