Failure to generate keys ?
Posted: Sat Feb 20, 2016 9:36 pm
Hmmm --- What I am attempting to do here is connect 2 Linksys/Cisco routers running on DD-WRT with OpenVPN inherent to the firmware (in bridge configuration).
I am running on the latest version of Windows 10, and a brand-new copy of OpenVPN just downloaded today.
That said, I need to generate the security keys in order to properly configure the routers, and following the guide exactly :
https://openvpn.net/index.php/open-sour ... ml#vpntype
This is what I got:
--------------------------------------------------------------------------------------------------------------------
C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
WARNING: can't open config file: /etc/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
............++++++
.......................................++++++
writing new private key to 'keys\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [NY]:NY
Locality Name (eg, city) [xxxxxx]:xxxxxx
Organization Name (eg, company) [xxxxxxxxxx]:xxxxxxxxxx
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:MAIN
Name [changeme]:xxxxxxxxxx
Email Address [xxxxxxxx@roadrunner.com]:xxxxxxxx@roadrunner.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'NY'
localityName :PRINTABLE:'xxxxxx'
organizationName :PRINTABLE:'xxxxxxxx'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'MAIN'
name :PRINTABLE:'xxxxxxxxxx'
emailAddress :IA5STRING:'xxxxxxxx@roadrunner.com'
Certificate is to be certified until Feb 17 20:47:21 2026 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>build-key Client1
WARNING: can't open config file: /etc/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
..............++++++
..++++++
writing new private key to 'keys\Client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [NY]:NY
Locality Name (eg, city) [Hadley]:xxxxxx
Organization Name (eg, company) [xxxxxxxxxx]:xxxxxxxxxx
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:MAIN
Name [changeme]:xxxxxxxxxx
Email Address [xxxxxxxx@roadrunner.com]:xxxxxxxx@roadrunner.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'NY'
localityName :PRINTABLE:'xxxxxx'
organizationName :PRINTABLE:'xxxxxxxxxx'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'MAIN'
name :PRINTABLE:'xxxxxxxxxx'
emailAddress :IA5STRING:'xxxxxxxx@roadrunner.com'
Certificate is to be certified until Feb 17 20:52:45 2026 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old
C:\Program Files\OpenVPN\easy-rsa>
---------------------------------------------------------------------------------
What am I doing wrong here ?
I am running on the latest version of Windows 10, and a brand-new copy of OpenVPN just downloaded today.
That said, I need to generate the security keys in order to properly configure the routers, and following the guide exactly :
https://openvpn.net/index.php/open-sour ... ml#vpntype
This is what I got:
--------------------------------------------------------------------------------------------------------------------
C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
WARNING: can't open config file: /etc/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
............++++++
.......................................++++++
writing new private key to 'keys\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [NY]:NY
Locality Name (eg, city) [xxxxxx]:xxxxxx
Organization Name (eg, company) [xxxxxxxxxx]:xxxxxxxxxx
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:MAIN
Name [changeme]:xxxxxxxxxx
Email Address [xxxxxxxx@roadrunner.com]:xxxxxxxx@roadrunner.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'NY'
localityName :PRINTABLE:'xxxxxx'
organizationName :PRINTABLE:'xxxxxxxx'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'MAIN'
name :PRINTABLE:'xxxxxxxxxx'
emailAddress :IA5STRING:'xxxxxxxx@roadrunner.com'
Certificate is to be certified until Feb 17 20:47:21 2026 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>build-key Client1
WARNING: can't open config file: /etc/ssl/openssl.cnf
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
..............++++++
..++++++
writing new private key to 'keys\Client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [NY]:NY
Locality Name (eg, city) [Hadley]:xxxxxx
Organization Name (eg, company) [xxxxxxxxxx]:xxxxxxxxxx
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:MAIN
Name [changeme]:xxxxxxxxxx
Email Address [xxxxxxxx@roadrunner.com]:xxxxxxxx@roadrunner.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
WARNING: can't open config file: /etc/ssl/openssl.cnf
Using configuration from openssl-1.0.0.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'NY'
localityName :PRINTABLE:'xxxxxx'
organizationName :PRINTABLE:'xxxxxxxxxx'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'MAIN'
name :PRINTABLE:'xxxxxxxxxx'
emailAddress :IA5STRING:'xxxxxxxx@roadrunner.com'
Certificate is to be certified until Feb 17 20:52:45 2026 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old
C:\Program Files\OpenVPN\easy-rsa>
---------------------------------------------------------------------------------
What am I doing wrong here ?