./build-ca error

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
gattaca
OpenVpn Newbie
Posts: 5
Joined: Mon Apr 27, 2020 7:48 am

./build-ca error

Post by gattaca » Mon Apr 27, 2020 8:45 am

hi specialist, I'm a new learner, when I use EasyRSA-3.0.7 to bulid-ca on my WindowsServer 2012R2, it not working , some errors happened, please help me solve this problem, Thanks

my cmd commends is in below:

Code: Select all

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki



EasyRSA Shell
# ./easyrsa build-ca
Using SSL: openssl OpenSSL 1.1.0j  20 Nov 2018
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-3900.a04956/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA763.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA763.tmp
fd = 3
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-3900.a04956/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA7C1.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA7C1.tmp
fd = 3
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-3900.a04956/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA83E.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpA83E.tmp
fd = 3

Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
Extra arguments given.
genrsa: Use -help for summary.

Easy-RSA error:

Failed create CA private key


TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: ./build-ca error

Post by TinCanTech » Mon Apr 27, 2020 11:19 am

See:

Code: Select all

./easyrsa help

gattaca
OpenVpn Newbie
Posts: 5
Joined: Mon Apr 27, 2020 7:48 am

Re: ./build-ca error

Post by gattaca » Tue Apr 28, 2020 5:53 am

here is result, what shall I do next ?

Code: Select all

EasyRSA Shell
# ./easyrsa help

Easy-RSA 3 usage and overview

USAGE: easyrsa [options] COMMAND [command-options]

A list of commands is shown below. To get detailed usage and help for a
command, run:
  ./easyrsa help COMMAND

For a listing of options that can be supplied before the command, use:
  ./easyrsa help options

Here is the list of commands available with a short syntax reminder. Use the
'help' command above to get full usage details.

  init-pki
  build-ca [ cmd-opts ]
  gen-dh
  gen-req <filename_base> [ cmd-opts ]
  sign-req <type> <filename_base>
  build-client-full <filename_base> [ cmd-opts ]
  build-server-full <filename_base> [ cmd-opts ]
  revoke <filename_base> [cmd-opts]
  renew <filename_base> [cmd-opts]
  build-serverClient-full <filename_base> [ cmd-opts ]
  gen-crl
  update-db
  show-req <filename_base> [ cmd-opts ]
  show-cert <filename_base> [ cmd-opts ]
  show-ca [ cmd-opts ]
  import-req <request_file_path> <short_basename>
  export-p7 <filename_base> [ cmd-opts ]
  export-p12 <filename_base> [ cmd-opts ]
  set-rsa-pass <filename_base> [ cmd-opts ]
  set-ec-pass <filename_base> [ cmd-opts ]
  upgrade <type>

DIRECTORY STATUS (commands would take effect on these locations)
  EASYRSA: .
      PKI: C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki


TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: ./build-ca error

Post by TinCanTech » Tue Apr 28, 2020 11:19 am

gattaca wrote:
Tue Apr 28, 2020 5:53 am
what shall I do next ?
Read help ... :roll:

gattaca
OpenVpn Newbie
Posts: 5
Joined: Mon Apr 27, 2020 7:48 am

Re: ./build-ca error

Post by gattaca » Wed Apr 29, 2020 6:24 am

hi specialist,by your suggestion,I have read help for many times and I noticed that I can use [./easyrsa build-ca nopass] to create a non-encrypt CA

Code: Select all

# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.0j  20 Nov 2018
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-884.a03632/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE331.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE331.tmp
fd = 3
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-884.a03632/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE3BE.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE3BE.tmp
fd = 3
Generating RSA private key, 2048 bit long modulus
...............................................................................................................
..................................+++++
...............................................................................................................
........................+++++
e is 65537 (0x010001)
path = C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/easy-rsa-884.a03632/tmp.XXXXXX
lpPathBuffer = C:\Users\ADMINI~1\AppData\Local\Temp\2\
szTempName = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE739.tmp
path = C:\Users\ADMINI~1\AppData\Local\Temp\2\tmpE739.tmp
fd = 3
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:Gattaca

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
C:/Program Files/OpenVPN/EasyRSA-3.0.7/pki/ca.crt
it seems working! But I'm still confused about encrypted CA,no matter what phrase I input,it always reports errors…What's wrong with it :?:

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: ./build-ca error

Post by TinCanTech » Wed Apr 29, 2020 12:34 pm

gattaca wrote:
Wed Apr 29, 2020 6:24 am
I'm still confused about encrypted CA,no matter what phrase I input,it always reports errors…What's wrong with it
You are correct, It seems there is a bug ..

Please report this to the EasyRSA maintainer. Please include the version of EasyRSA that you are using.

gattaca
OpenVpn Newbie
Posts: 5
Joined: Mon Apr 27, 2020 7:48 am

Re: ./build-ca error

Post by gattaca » Thu Apr 30, 2020 1:11 am

OK, thank you for helping!

Post Reply