
Generate certificates & keys for clients

Posted: Tue Feb 10, 2015 1:55 pm
by arturk
Hi there,
I followed instructions at http://openvpn.net/index.php/open-sourc ... o.html#pki
and successfully generated all needed certificates and keys. After a few days I realized that I need two more client certificates. I tried to build them using 'build-key clientX' but I get an error. It's probably associated with lost variable values. How can I manage this without rewriting the generated certs and keys?

Re: Generate certificates & keys for clients

Posted: Tue Feb 10, 2015 1:58 pm
by maikcat
If you have ca.key, index.txt, etc., you must first run the vars script, THEN create your client certs.

Michael.

Re: Generate certificates & keys for clients

Posted: Tue Feb 10, 2015 2:02 pm
by arturk
maikcat wrote: If you have ca.key, index.txt, etc., you must first run the vars script, THEN create your client certs.

Michael.
I've done it this way. Still doesn't work :-/

Re: Generate certificates & keys for clients

Posted: Tue Feb 10, 2015 5:30 pm
by maikcat
Please post the exact commands used and the output you get.

Michael.

Re: Generate certificates & keys for clients

Posted: Tue Feb 10, 2015 6:33 pm
by arturk

Code:

C:\Program Files\OpenVPN\easy-rsa>build-key wiewiora
WARNING: can't open config file: /etc/ssl/openssl.cnf
error on line 99 of openssl-1.0.0.cnf
1672:error:0E065068:configuration file routines:STR_COPY:variable has no value:c
onf_def.c:618:line 99
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
error on line 99 of config file 'openssl-1.0.0.cnf'
4024:error:0E065068:configuration file routines:STR_COPY:variable has no value:c
onf_def.c:618:line 99
Nie można odnaleźć C:\Program Files\OpenVPN\easy-rsa\keys\*.old.

C:\Program Files\OpenVPN\easy-rsa>

Re: Generate certificates & keys for clients

Posted: Wed Feb 11, 2015 6:41 am
by maikcat
Did you run vars.bat?

Michael.

Re: Generate certificates & keys for clients

Posted: Wed Feb 11, 2015 7:19 am
by arturk
maikcat wrote: Did you run vars.bat?
Michael.
Yep :|

Re: Generate certificates & keys for clients

Posted: Wed Feb 11, 2015 9:39 am
by maikcat
Can you post the contents of the build-key.bat file?

Michael.

Re: Generate certificates & keys for clients

Posted: Wed Feb 11, 2015 6:03 pm
by arturk
maikcat wrote: Can you post the contents of the build-key.bat file?

Michael.
build-key.bat

Code:

@echo off
cd %HOME%
rem build a request for a cert that will be valid for ten years
openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old

Re: Generate certificates & keys for clients

Posted: Thu Feb 12, 2015 7:16 am
by maikcat
Can you check and see what the contents of openssl-1.0.0.cnf are at line 99?

Because on my PC this line is empty...

Can you check if there is a tab there?

Michael.

Re: Generate certificates & keys for clients

Posted: Thu Feb 12, 2015 8:13 pm
by arturk
maikcat wrote: Can you check and see what the contents of openssl-1.0.0.cnf are at line 99?
Michael.
line 99:
localityName_default = $ENV::KEY_CITY

Re: Generate certificates & keys for clients

Posted: Mon Feb 16, 2015 11:28 am
by maikcat
Just curious,

because easy-rsa is not part of openvpn anymore, where did you get it?

Michael.

Re: Generate certificates & keys for clients

Posted: Tue Feb 17, 2015 7:07 am
by arturk
maikcat wrote: Just curious,
I know... anyway I recreated all certificates, so I'm done for now. Thanks for your effort.
because easy-rsa is not part of openvpn anymore, where did you get it?
Michael.
From GitHub, exactly from here AFAIR -> https://github.com/OpenVPN/easy-rsa/blo ... -1.0.0.cnf

Re: Generate certificates & keys for clients

Posted: Tue Feb 17, 2015 9:03 am
by maikcat
localityName_default appears in line 127, not in 99.... :?

Since you solved your problem, it's ok..

regards,

Michael.
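
Added example, not part of the original thread and not easy-rsa code: OpenSSL reports "variable has no value" when a config value references `$ENV::NAME` and that variable is not set in the environment, which matches line 99 (`localityName_default = $ENV::KEY_CITY`) posted above. The Python sketch below lists every such unset reference in a config file so a mismatch between the vars script and the .cnf shows up before any key is generated; the function name, the sample fragment and the sample environment are constructed for illustration.

```python
import os
import re
import sys

# Matches $ENV::NAME, ${ENV::NAME} and $(ENV::NAME) inside an OpenSSL config value.
ENV_REF = re.compile(r"\$[{(]?ENV::([A-Za-z0-9_]+)")
SECTION = re.compile(r"^\[\s*(\S+)\s*\]$")

def unset_env_refs(cnf_text, environ):
    """Return [(line_no, variable, line)] for each $ENV:: reference that has no
    value in `environ` and no earlier default-section variable of the same name
    (OpenSSL falls back to such a variable when the environment lookup fails)."""
    in_default = True   # True until the first [section] header
    fallbacks = set()   # names assigned in the default section so far
    problems = []
    for line_no, raw in enumerate(cnf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if not line:
            continue
        if SECTION.match(line):
            in_default = False
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        for var in ENV_REF.findall(value):
            if var not in environ and var not in fallbacks:
                problems.append((line_no, var, line))
        if in_default:
            fallbacks.add(name.strip())
    return problems

# Constructed fragment and environment (not the thread's actual files).
SAMPLE_CNF = """\
# constructed fragment in the style of an easy-rsa openssl .cnf
HOME = .
[ req_distinguished_name ]
countryName_default = $ENV::KEY_COUNTRY
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName_default = $ENV::KEY_CITY
0.organizationName_default = $ENV::KEY_ORG
"""
SAMPLE_ENV = {"KEY_COUNTRY": "US", "KEY_PROVINCE": "CA", "KEY_ORG": "Example"}

if __name__ == "__main__":
    # With a path argument, check that file against the real environment.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text, env = fh.read(), os.environ
    else:
        text, env = SAMPLE_CNF, SAMPLE_ENV
    for line_no, var, line in unset_env_refs(text, env):
        print(f"line {line_no}: {var} is not set -> {line}")
```

Run it from the same command prompt in which the vars script was executed, passing the path to the .cnf file, so it sees the environment that build-key would see.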