I'm really lost, I have no idea why easy-rsa is having such a hissy fit. I followed the OpenVPN howto info to the letter but no dice. My computer is running Win7 64-bit with the latest installation of OpenVPN.
C:\Users\Gary>cd \Program Files\OpenVPN\easy-rsa
C:\Program Files\OpenVPN\easy-rsa>init-config
C:\Program Files\OpenVPN\easy-rsa>copy vars.bat.sample vars.bat
The system cannot find the file specified.
C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>clean-all
The system cannot find the file specified.
Access is denied.
The system cannot find the path specified.
0 file(s) copied.
The system cannot find the path specified.
0 file(s) copied.
C:\Program Files\OpenVPN\easy-rsa>build-ca
WARNING: can't open config file: /etc/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.................................................. ...............+++++
.........++++++
unable to write 'random state'
writing new private key to 'keys\ca.key'
keys\ca.key: No such file or directory
4032:error:02001003:system library:fopen:No such process:bss_file.c:39
eys\ca.key','wb')
4032:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
cant generate certs
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Feb 08, 2013 3:09 pm
Re: cant generate certs
Hi,
I was having similar issues. I got past some of them by making a keys and vars folder within the easy-rsa folder. That got me to the point of build-key-server <servername>. I ran that and got this error:
4924:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\
bss_file.c:278:fopen('keys/index.txt','rb')
I'm pretty sure that making those two (keys/vars) folders will get you past the point you're at, but am hoping that there's a bit of help to be had for getting past my issue, too.
HTH,
-Ray
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Feb 25, 2013 1:04 am
Re: cant generate certs
You _must_ run clean-all.bat, or do it by hand.
NOTE TO THE DEV TEAM: Putting this in init-config.bat is much more intuitive! We don't expect to need to clean up if we're starting from scratch!
Code:
md keys
md vars
copy index.txt.start keys\index.txt
copy serial.start keys\serial
And you need to run
Code:
build-ca.bat
before you can build the server or the client keys.
Please also be certain to edit vars.bat to change default keys size and so on first - 1024 is not appropriate for production, 2048 is for normal use, or 4096 for paranoid use.
FYI - look at readme.txt - on the 2.3.0 I004 Windows version, it says:
Code:
Extract all zip'd files to the OpenVPN home directory,
including the openssl.cnf file from the top-level
"easy-rsa" directory.
First run init-config.bat
Next, edit vars.bat to adapt it to your environment, and
create the directory that will hold your key files.
To generate TLS keys:
Create new empty index and serial files (once only)
1. vars
2. clean-all
Build a CA key (once only)
1. vars
2. build-ca
Build a DH file (for server side, once only)
1. vars
2. build-dh
Build a private key/certficate for the openvpn server
1. vars
2. build-key-server <machine-name>
Build key files in PEM format (for each client machine)
1. vars
2. build-key <machine-name>
(use <machine name> for specific name within script)
or
Build key files in PKCS #12 format (for each client machine)
1. vars
2. build-key-pkcs12 <machine-name>
(use <machine name> for specific name within script)
To revoke a TLS certificate and generate a CRL file:
1. vars
2. revoke-full <machine-name>
3. verify last line of output confirms revokation
4. copy crl.pem to server directory and ensure config file uses "crl-verify <crl filename>"
-
- OpenVPN User
- Posts: 31
- Joined: Sun Sep 08, 2013 8:05 pm
Re: cant generate certs
I believe that your issue is related to UAC (can't write to a program files folder). I get the same errors when I wrote a batch file to copy a client's config files in the openvpn folder.
You can try this...copy easy-rsa to your desktop and run it from there. You will probably have to edit your var.bat file after running init-config to say that easy-rsa is no longer under program files.
Alternatively, you can temporarily disable UAC and try it again.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jul 15, 2014 11:15 am
Re: cant generate certs
UAC and/or antivirus/firewall (or something similar).
"Program Files" directory is protected by UAC and other activity can be blocked by antivirus or firewall software.
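
Added example, not part of any post in this thread: a Python pre-flight check for the three causes raised above (the missing keys folder with its index.txt and serial files, the 1024-bit default key size, and an easy-rsa directory that cannot be written to). It assumes the `set KEY_DIR=` and `set KEY_SIZE=` lines of the easy-rsa 2.x vars.bat and a relative KEY_DIR; `read_vars` and `preflight` are names made up for this sketch.

```python
import os
import re
import sys
import tempfile
from pathlib import Path

MIN_KEY_SIZE = 2048  # "normal use" size named in the thread; 1024 gets flagged

def read_vars(vars_bat):
    """Collect `set NAME=value` lines from vars.bat (lines starting with rem are skipped)."""
    found = {}
    for line in vars_bat.read_text(errors="replace").splitlines():
        m = re.match(r"\s*set\s+(\w+)=(.*)$", line, re.IGNORECASE)
        if m:
            found[m.group(1).upper()] = m.group(2).strip()
    return found

def preflight(easy_rsa):
    """Return the problems that would make build-ca fail or yield a weak key."""
    easy_rsa = Path(easy_rsa)
    vars_bat = easy_rsa / "vars.bat"
    if not vars_bat.is_file():
        return ["vars.bat missing: init-config did not create it"]
    problems = []
    settings = read_vars(vars_bat)
    size = settings.get("KEY_SIZE", "")
    if not size.isdigit() or int(size) < MIN_KEY_SIZE:
        problems.append(f"KEY_SIZE={size or 'unset'} is below {MIN_KEY_SIZE}")
    # Assumption: KEY_DIR is a plain relative name such as the default "keys".
    key_dir = easy_rsa / settings.get("KEY_DIR", "keys")
    if not key_dir.is_dir():
        problems.append(f"{key_dir.name} directory missing: run clean-all")
    for name in ("index.txt", "serial"):
        if key_dir.is_dir() and not (key_dir / name).is_file():
            problems.append(f"{key_dir.name}\\{name} missing: run clean-all")
    try:  # real write probe: a UAC-style denial only shows up when writing
        fd, probe = tempfile.mkstemp(dir=key_dir if key_dir.is_dir() else easy_rsa)
        os.close(fd)
        os.unlink(probe)
    except OSError as exc:
        problems.append(f"cannot write under {easy_rsa}: {exc.strerror}")
    return problems

if __name__ == "__main__":
    # Constructed sample tree mirroring the thread: default key size, no keys folder.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "vars.bat").write_text("set KEY_DIR=keys\nset KEY_SIZE=1024\n")
        for problem in preflight(sys.argv[1] if len(sys.argv) > 1 else tmp):
            print("FAIL:", problem)
```

Pass the easy-rsa folder as the first argument to check a real installation; with no argument it runs against the constructed sample tree.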