./build-ca is not working

Posted: Mon Aug 21, 2017 9:43 am
by maskedkuma
I am trying to set up OpenVPN on a new Debian 9 Stretch install. I have done this before on Debian 8 without a problem, but I can't figure this out:

I am using defaults in `vars`

```
# cd /etc/openvpn/easy-rsa && source ./vars
```

```
# ./clean-all
```

```
# ./build-ca
req: Error on line 198 of config file "/etc/openvpn/easy-rsa/openssl.cnf"
Generating a 2048 bit RSA private key
................+++
.............................................................................+++
writing new private key to 'ca.key'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
140484666176768:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:../crypto/conf/conf_lib.c:272:
```

Re: ./build-ca is not working

Posted: Mon Aug 21, 2017 11:17 am
by TinCanTech
maskedkuma wrote:
> req: Error on line 198 of config file "/etc/openvpn/easy-rsa/openssl.cnf"

There is no "openssl.cnf" .. so I don't know what you have done.

Look in /usr/share/easy-rsa

Re: ./build-ca is not working

Posted: Mon Aug 21, 2017 11:44 am
by maskedkuma

```
openssl.cnf -> openssl-1.0.0.cnf
```
and copying openssl-1.0.0.cnf to openssl.cnf has the same effect.

```
openssl version
OpenSSL 1.1.0f  25 May 2017
```

```
# ./whichopensslcnf
/openssl.cnf
**************************************************************
  No /openssl.cnf file could be found
  Further invocations will fail
**************************************************************
```

Re: ./build-ca is not working

Posted: Mon Jul 30, 2018 2:24 pm
by dicer
The solution to this problem in Debian Stretch is to add the following line to your vars file (don't forget to "source ./vars" afterwards):

export KEY_ALTNAMES="EasyRSA"

Re: ./build-ca is not working

Posted: Mon Jul 30, 2018 2:30 pm
by maskedkuma
Thanks for replying after all this time. I evidently got it working somehow, but I didn't report back here and definitely don't remember how. I didn't use KEY_ALTNAMES.

Thanks again

Re: ./build-ca is not working

Posted: Fri Mar 27, 2020 2:01 pm
by ve9gfi
The file /etc/openvpn/easy-rsa/vars does not have KEY_ALTNAME defined but it does have KEY_ALTNAMES.

I created KEY_ALTNAME and everything worked.
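
The two fixes posted in this thread name different variables (KEY_ALTNAMES and KEY_ALTNAME). As an added example, not code from any poster or from Easy-RSA, the script below lists every `$ENV::NAME` reference in an OpenSSL config whose variable is not exported, with line numbers to compare against the `Error on line 198` message. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. OpenSSL config files read environment variables as
# $ENV::NAME; a reference to an unset variable makes the config fail to load.

# Print "LINE NAME" for every $ENV::NAME / ${ENV::NAME} in config file $1
# whose NAME is not exported in the current environment.
missing_env_refs() {
    # Drop comments (simplification: any '#' starts one); line numbers are kept.
    sed 's/#.*//' "$1" |
    grep -n -o -E '\$\{?ENV::[A-Za-z_][A-Za-z0-9_]*' |
    while IFS=: read -r lineno ref; do
        name=${ref##*::}
        # printenv sees only exported variables, as the openssl child would.
        printenv "$name" >/dev/null || echo "$lineno $name"
    done
}

# Constructed sample config (not the real easy-rsa file).
write_sample_cnf() {
    cat >"$1" <<'EOF'
[ req ]
default_bits = $ENV::KEY_SIZE
distinguished_name = req_distinguished_name
# subjectAltName = $ENV::COMMENTED_OUT
[ usr_cert ]
subjectAltName = $ENV::KEY_ALTNAMES
EOF
}

if [ "$#" -gt 0 ]; then
    missing_env_refs "$1"    # e.g. the openssl.cnf named in the error message
else
    sample=$(mktemp)
    write_sample_cnf "$sample"
    ( export KEY_SIZE=2048; unset KEY_ALTNAMES; missing_env_refs "$sample" )
    rm -f "$sample"
fi
```

Run it in the same shell after `source ./vars`, passing the config path from the error message; any name it prints is one to export in `vars`.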

Re: ./build-ca is not working

Posted: Fri Mar 27, 2020 2:15 pm
by TinCanTech
For future reference: When Easy-RSA 3.0.7 is released it will include an upgrade path for Easy-RSA v2
Easy-TLS helps manage the various OpenVPN specific TLS keys and Inline files.