Good mornig
root@Juanjo:/etc/openvpn/easy-rsa# . ./vars
**************************************************************
No /etc/openvpn/easy-rsa/openssl.cnf file could be found
Further invocations will fail
**************************************************************
The problem has to be in the swhichopensslcnf script that does not have support for openssl-1.1.0
Easy-rsa has support for openssl-1.1.0?
ot@Juanjo:/etc/openvpn/easy-rsa# ls
build-ca build-key-server list-crl sign-req
build-dh build-req openssl-0.9.6.cnf vars
build-inter build-req-pass openssl-0.9.8.cnf whichopensslcnf
build-key clean-all openssl-1.0.0.cnf
build-key-pass inherit-inter pkitool
build-key-pkcs12 keys revoke-full
How can I solve this problem
please
Thank you
Error setting openssl-1.1.0 does not find openssl.cnf
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Jul 07, 2017 11:26 am
-
- OpenVPN Protagonist
- Posts: 11136
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Error setting openssl-1.1.0 does not find openssl.cnf
The simplest way is to use EasyRSA 3.0.1 :
https://github.com/OpenVPN/easy-rsa/releases
https://github.com/OpenVPN/easy-rsa/releases
- NiMing8
- OpenVpn Newbie
- Posts: 19
- Joined: Tue Jul 25, 2017 2:02 am
Re: Error setting openssl-1.1.0 does not find openssl.cnf
Any other solutions to this?
Raspbian Debian Sketch build is broke with this issue and easy-rsa 3.0 is not available in their repository.
Thanks!
Raspbian Debian Sketch build is broke with this issue and easy-rsa 3.0 is not available in their repository.
Thanks!
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Dec 27, 2017 2:46 pm
Re: Error setting openssl-1.1.0 does not find openssl.cnf
The reason for this error can be found in the whichopensslcnf itself:
it interprets the output auf "openssl version". In current versions (like in Debian 9.3.0) it is V1.1.X so the output is like this:
So simply do that and it will work:
Add the following lines:
Then save.
Next time it will find it at least at my system.
I'm not too familiar with the code of "openssl-1.0.0.cnf" and currently cannot answer the question if the cnf is fully compatible with OpenSSL 1.1.X or if there better should be a "openssl-1.1.0.cnf". At least I couldn't figure out a problem yet if doing it like described above.
Kind regards
MM
it interprets the output auf "openssl version". In current versions (like in Debian 9.3.0) it is V1.1.X so the output is like this:
Code: Select all
:~$ openssl version
OpenSSL 1.1.0f 25 May 2017
Code: Select all
nano /etc/openvpn/easy-rsa/whichopensslcnf
Code: Select all
elif $OPENSSL version | grep -E "1\.1\.[[:digit:]][[:alnum:]]?" > /dev/null$
cnf="$1/openssl-1.0.0.cnf"
Next time it will find it at least at my system.
I'm not too familiar with the code of "openssl-1.0.0.cnf" and currently cannot answer the question if the cnf is fully compatible with OpenSSL 1.1.X or if there better should be a "openssl-1.1.0.cnf". At least I couldn't figure out a problem yet if doing it like described above.
Kind regards
MM