Support forum for Easy-RSA certificate management suite.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
maskedkuma
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Aug 01, 2017 10:46 am
Post
by maskedkuma » Mon Aug 21, 2017 9:43 am
I am trying to setup openvpn on a new debian 9 stretch install. i have done this before on debian 8 without a problem, but i can't figure this out:
i am using defaults in `vars`
Code: Select all
# cd /etc/openvpn/easy-rsa && source ./vars
Code: Select all
# ./build-ca
req: Error on line 198 of config file "/etc/openvpn/easy-rsa/openssl.cnf"
Generating a 2048 bit RSA private key
................+++
.............................................................................+++
writing new private key to 'ca.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
140484666176768:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:../crypto/conf/conf_lib.c:272:
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Mon Aug 21, 2017 11:17 am
maskedkuma wrote:req: Error on line 198 of config file "/etc/openvpn/easy-rsa/openssl.cnf"
There is no "openssl.cnf" .. so I don't know what you have done.
Look in /usr/share/easy-rsa
-
maskedkuma
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Aug 01, 2017 10:46 am
Post
by maskedkuma » Mon Aug 21, 2017 11:44 am
and copying openssl-1.0.0.cnf to openssl.cnf has the same effect.
Code: Select all
openssl version
OpenSSL 1.1.0f 25 May 2017
Code: Select all
# ./whichopensslcnf
/openssl.cnf
**************************************************************
No /openssl.cnf file could be found
Further invocations will fail
**************************************************************
-
dicer
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jul 30, 2018 2:23 pm
Post
by dicer » Mon Jul 30, 2018 2:24 pm
The solution to this problem in Debian Stretch is to add the following line to your vars file (don't forget to "source ./vars" afterwards"):
export KEY_ALTNAMES="EasyRSA"
-
maskedkuma
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Aug 01, 2017 10:46 am
Post
by maskedkuma » Mon Jul 30, 2018 2:30 pm
Thanks for replying after all this time. I evidently got it working somehow, but I didn't report back here and definitely don't remember how. I didn't use KEY_ALTNAMES.
Thanks again
-
ve9gfi
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Mar 27, 2020 1:55 pm
Post
by ve9gfi » Fri Mar 27, 2020 2:01 pm
The file /etc/openvpn/easy-rsa/vars does not have KEY_ALTNAME defined but it does have KEY_ALTNAMES.
I created KEY_ALTNAME and everything worked.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Fri Mar 27, 2020 2:15 pm
For future reference:
When Easy-RSA 3.0.7 is released it will include an upgrade path for Easy-RSA v2
Easy-TLS helps manage the various OpenVPN specific TLS keys and Inline files.