I installed a version from "GnuWin32" and it seems to run fine. I have run vars.bat, clean-all.bat, and then build-ca.bat, and build-key-server server, and they all work fine, and generate a 2048 bit RSA private Key, but then when I get to the build-key client command, I get an error, and even though the file is created, it is of size 0KB and is an invalid key file... here is the command prompt output... Notice some values in the text have been changed for privacy, but I have run through the entire process many times over in order to assure that they really do have the exact same values... Starting from vars, clean-all, build-ca, etc...
Code: Select all
C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>clean-all
1 file(s) copied.
1 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa>build-ca
WARNING: can't open config file: c:\openssl/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
....................................................+++
.........................................+++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [GA]:
Locality Name (eg, city) [Cumming]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) [changeme]:Ryan
Name [changeme]:WHS
Email Address [xxx@gmail.com]:
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
WARNING: can't open config file: c:\openssl/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
.................+++
...+++
writing new private key to 'keys\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [GA]:
Locality Name (eg, city) [Cumming]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) [changeme]:Ryan
Name [changeme]:WHS
Email Address [xxx@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: c:\openssl/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'GA'
localityName :PRINTABLE:'Cumming'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'Tech'
commonName :PRINTABLE:'Ryan'
name :PRINTABLE:'WHS'
emailAddress :IA5STRING:'xxx@gmail.com'
Certificate is to be certified until Nov 22 14:53:15 2021 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
C:\Program Files\OpenVPN\easy-rsa>build-key client
WARNING: can't open config file: c:\openssl/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
..+++
.............................................................................+++
writing new private key to 'c:\Progra~1\OpenVPN\easy-rsa\keys\client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [GA]:
Locality Name (eg, city) [Cumming]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) [changeme]:Ryan
Name [changeme]:WHS
Email Address [xxx@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: c:\openssl/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'GA'
localityName :PRINTABLE:'Cumming'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'Tech'
commonName :PRINTABLE:'Ryan'
name :PRINTABLE:'WHS'
emailAddress :IA5STRING:'xxx@gmail.com'
Certificate is to be certified until Nov 22 14:53:51 2021 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old
C:\Program Files\OpenVPN\easy-rsa>Proof of search:
http://fixunix.com/openssl/248250-re-ca ... r-2-a.html
http://forums.openvpn.net/topic7551.html
http://rt.openssl.org/Ticket/Display.ht ... pass=guest
http://openvpn.net/archive/openvpn-user ... 00254.html
