Extreme noob here:
I've followed the HOWTO guide page and successfully created a CA, 1 server certificate, and a few client certs. I got my VPN working after many hours. 2 days ago I had no idea what a certificate was. However, I did it all in one step; I never closed CMD from start to finish (init-config, edit vars, vars, then build-key-server server1, the rest of it). All was fine. The tunnel works from the client to server1.
I need to set up a second VPN on a totally different server, and I would like to use the same CA (me).
It's the next day, and I need to create a second server cert. I've opened CMD as admin, CD'ed to the bin folder, opened openssl, and now I'm trying to create another server cert, using the command build-key-server server2 for example, but I am getting: 'openssl' is not recognized as an internal or external command
I don't want to do the init-config, vars etc because I am scared it will overwrite my current CA.
I'm guessing I have to somehow load my CA into openssl before I can run the build-key-server command.
I guess this question also applies to the client command as that will be next.
I'm sure it's a simple step I've missed, but I don't have a clue what.
Any help would be great.
Sorry just realised I posted this in the wrong board. Mods if you could kindly move or delete.
Creating a second server cert from existing CA, locally, cmd help.
Re: Creating a second server cert from existing CA, locally, cmd help.
Closed_VPN wrote: ↑Wed Mar 28, 2018 4:24 pm
> I don't want to do the init-config, vars etc because I am scared it will overwrite my current CA

Make a Backup
Do not do init-pki
Do do vars
Also, you may find it easier to use https://github.com/OpenVPN/easy-rsa/releases [Easyrsa3] in future.
I have never tried to find out if it is backward compatible .. you can try that if you like
Re: Creating a second server cert from existing CA, locally, cmd help.
TinCanTech wrote: ↑Wed Mar 28, 2018 5:25 pm
> Closed_VPN wrote: ↑Wed Mar 28, 2018 4:24 pm
> > I don't want to do the init-config, vars etc because I am scared it will overwrite my current CA
>
> Make a Backup
> Do not do init-pki
> Do do vars
> Also, you may find it easier to use https://github.com/OpenVPN/easy-rsa/releases [Easyrsa3] in future.
> I have never tried to find out if it is backward compatible .. you can try that if you like

Thanks so much, just what I needed, I did a build-key-server server2 and created a server2.
Last edited by Closed_VPN on Tue Apr 03, 2018 5:02 pm, edited 1 time in total.
Re: Creating a second server cert from existing CA, locally, cmd help.
You have not provided enough information to explain what you have done .. so I don't know ..
But judging from what you have posted, it sounds like you have created a new CA and server
so the old clients will not be able to connect to that with their certificate .. if that is what you have done ..
Like I said, I don't know if easyrsa3 is backward compatible with easyrsa2 and I don't think you have tried
to use your old PKI ..
Re: Creating a second server cert from existing CA, locally, cmd help.
TinCanTech wrote: ↑Tue Apr 03, 2018 3:53 pm
> You have not provided enough information to explain what you have done .. so I don't know ..
> But judging from what you have posted, it sounds like you have created a new CA and server
> so the old clients will not be able to connect to that with their certificate .. if that is what you have done ..
> Like I said, I don't know if easyrsa3 is backward compatible with easyrsa2 and I don't think you have tried
> to use your old PKI ..

Edit, ignore that last post, I have sorted the issue (user error) and edited the comment. Feel free to delete this and your comment to avoid confusion for others. Thanks again for your help.
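
The concern raised in this thread, whether a newly built server certificate was signed by the existing CA or by an accidentally created new one, can be checked with `openssl verify`. The following is an added example, not part of the original posts; it builds throwaway CAs and certificates in a temp directory, and the names `old-ca`, `new-ca` and `server2-wrong` are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is throwaway test data.
set -e

# signed_by CA_CERT CERT: returns 0 only if CERT chains to CA_CERT.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: self-signed CA certificate and key (stand-in for a real CA).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue DIR CA NAME: new key and CSR for NAME, signed by the CA named CA.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

# demo: two certs from the original CA, one from a second CA created by mistake.
demo() {
    d=$(mktemp -d)
    make_ca "$d" old-ca
    make_ca "$d" new-ca
    issue "$d" old-ca server1
    issue "$d" old-ca server2
    issue "$d" new-ca server2-wrong
    for c in server1 server2 server2-wrong; do
        if signed_by "$d/old-ca.crt" "$d/$c.crt"; then
            printf '%s: signed by old-ca\n' "$c"
        else
            printf '%s: NOT signed by old-ca\n' "$c"
        fi
    done
    rm -rf "$d"
}

demo
```

The same `openssl verify -CAfile <CA certificate> <server certificate>` call works from CMD against the real files; a certificate that fails this check against the CA certificate the existing clients trust will be rejected by those clients.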