Generate certificates & keys for clients
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Feb 10, 2015 1:33 pm
- Location: Poland
Generate certificates & keys for clients
Hi there,
I followed instructions at http://openvpn.net/index.php/open-sourc ... o.html#pki
and successful generated all needed certificates and keys. After few days I realized that I need two more client certificates. I tried to build them using 'build-key clientX' but I get an error. It's probably associated with lost variable values. How to manage it and not to rewrite generated certs and keys?
I followed instructions at http://openvpn.net/index.php/open-sourc ... o.html#pki
and successful generated all needed certificates and keys. After few days I realized that I need two more client certificates. I tried to build them using 'build-key clientX' but I get an error. It's probably associated with lost variable values. How to manage it and not to rewrite generated certs and keys?
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Generate certificates & keys for clients
if you have ca.key index.txt etc you must run first vars script THEN create your client certs.
Michael.
Michael.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Feb 10, 2015 1:33 pm
- Location: Poland
Re: Generate certificates & keys for clients
I've done it this way. Still doesn't work :-/maikcat wrote:if you have ca.key index.txt etc you must run first vars script THEN create your client certs.
Michael.
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Generate certificates & keys for clients
please post the exact commands used and the output you get.
Michael.
Michael.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Feb 10, 2015 1:33 pm
- Location: Poland
Re: Generate certificates & keys for clients
Code: Select all
C:\Program Files\OpenVPN\easy-rsa>build-key wiewiora
WARNING: can't open config file: /etc/ssl/openssl.cnf
error on line 99 of openssl-1.0.0.cnf
1672:error:0E065068:configuration file routines:STR_COPY:variable has no value:c
onf_def.c:618:line 99
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
error on line 99 of config file 'openssl-1.0.0.cnf'
4024:error:0E065068:configuration file routines:STR_COPY:variable has no value:c
onf_def.c:618:line 99
Nie można odnaleźć C:\Program Files\OpenVPN\easy-rsa\keys\*.old.
C:\Program Files\OpenVPN\easy-rsa>
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Generate certificates & keys for clients
did you run vars.bat?
Michael.
Michael.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Feb 10, 2015 1:33 pm
- Location: Poland
Re: Generate certificates & keys for clients
Yepmaikcat wrote:did you run vars.bat?
Michael.
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Generate certificates & keys for clients
can you post the contents of build-key.bat file?
Michael.
Michael.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Feb 10, 2015 1:33 pm
- Location: Poland
Re: Generate certificates & keys for clients
build-key.batmaikcat wrote:can you post the contents of build-key.bat file?
Michael.
Code: Select all
@echo off
cd %HOME%
rem build a request for a cert that will be valid for ten years
openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Generate certificates & keys for clients
can you check and see what are the content of openssl-1.0.0.cnf at line 99?
because in my pc this line is empty...
can you check if there is a tab there?
Michael.
because in my pc this line is empty...
can you check if there is a tab there?
Michael.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Feb 10, 2015 1:33 pm
- Location: Poland
Re: Generate certificates & keys for clients
line 99:maikcat wrote:can you check and see what are the content of openssl-1.0.0.cnf at line 99?
Michael.
localityName_default = $ENV::KEY_CITY
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Generate certificates & keys for clients
just curious,
because easy-rsa is not part of openvpn anymore,where did you get it?
Michael.
because easy-rsa is not part of openvpn anymore,where did you get it?
Michael.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Tue Feb 10, 2015 1:33 pm
- Location: Poland
Re: Generate certificates & keys for clients
I know... anyway I recreated all certificates, so I'm done for now. Thanks for your effort.maikcat wrote:just curious,
From github, exactly from here AFIR -> https://github.com/OpenVPN/easy-rsa/blo ... -1.0.0.cnfbecause easy-rsa is not part of openvpn anymore,where did you get it?
Michael.
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: Generate certificates & keys for clients
localityName_default appears in line 127 not in 99....
since you solved your problem its ok..
regards,
Michael.
since you solved your problem its ok..
regards,
Michael.