Re: Client Certificate generation
Posted: Fri Aug 13, 2021 2:41 pm
by Bigjohn
TinCanTech wrote: ↑Wed Aug 11, 2021 7:21 pm
Bigjohn wrote: ↑Wed Aug 11, 2021 6:51 pm
Easy-RSA 3 ChangeLog
3.0.8 (2020-09-09)
So: 3.0.8
Code:
tct@home:~/easy-rsa/EasyRSA-3.0.8$ ./easyrsa
Easy-RSA 3 usage and overview
USAGE: easyrsa [options] COMMAND [command-options]
A list of commands is shown below. To get detailed usage and help for a
command, run:
./easyrsa help COMMAND
For a listing of options that can be supplied before the command, use:
./easyrsa help options
Here is the list of commands available with a short syntax reminder. Use the
'help' command above to get full usage details.
init-pki
build-ca [ cmd-opts ]
gen-dh
gen-req <filename_base> [ cmd-opts ]
sign-req <type> <filename_base>
build-client-full <filename_base> [ cmd-opts ]
build-server-full <filename_base> [ cmd-opts ]
revoke <filename_base> [cmd-opts]
renew <filename_base> [cmd-opts]
build-serverClient-full <filename_base> [ cmd-opts ]
gen-crl
update-db
show-req <filename_base> [ cmd-opts ]
show-cert <filename_base> [ cmd-opts ]
show-ca [ cmd-opts ]
import-req <request_file_path> <short_basename>
export-p7 <filename_base> [ cmd-opts ]
export-p8 <filename_base> [ cmd-opts ]
export-p12 <filename_base> [ cmd-opts ]
set-rsa-pass <filename_base> [ cmd-opts ]
set-ec-pass <filename_base> [ cmd-opts ]
upgrade <type>
DIRECTORY STATUS (commands would take effect on these locations)
EASYRSA: /home/tct/easy-rsa/EasyRSA-3.0.8
PKI: /home/tct/easy-rsa/EasyRSA-3.0.8/pki
upgrade <type>
Code:
tct@home:~/easy-rsa/EasyRSA-3.0.8$ ./easyrsa help upgrade
upgrade <type>
Upgrade EasyRSA PKI and/or CA. <type> must be one of:
pki - Upgrade EasyRSA v2.x PKI to EasyRSA v3.x PKI (includes CA below)
ca - Upgrade EasyRSA v3.0.5 CA or older to EasyRSA v3.0.6 CA or later.
It takes a backup and runs a simulation before making any changes. And if anything goes wrong then it does a roll-back.
This is what happens on my computer.
Code:
EasyRSA Shell
# ./easyrsa upgrade ca
./easyrsa: C:/Program Files/OpenVPN/easy-rsa/pki/vars[1]: @echo: not found
./easyrsa: C:/Program Files/OpenVPN/easy-rsa/pki/vars[2]: rem: not found
./easyrsa: C:/Program Files/OpenVPN/easy-rsa/pki/vars[3]: rem: not found
./easyrsa: C:/Program Files/OpenVPN/easy-rsa/pki/vars[4]: rem: not found
./easyrsa: C:/Program Files/OpenVPN/easy-rsa/pki/vars[6]: rem: not found
./easyrsa: C:/Program Files/OpenVPN/easy-rsa/pki/vars[7]: syntax error: '(' unexpected
Note: using Easy-RSA configuration from: C:/Program Files/OpenVPN/easy-rsa/pki/vars
Easy-RSA error:
echo
./easyrsa[2577]: vars file not found: bad number
Re: Client Certificate generation
Posted: Fri Aug 13, 2021 3:15 pm
by TinCanTech
There is a bug.
Open easyrsa in a text editor (notepad++) and go to line 2232, look for:
Code:
if [ $EASYRSA_FOUND_VARS -ne 1 ];
then
die echo "vars file not found"
fi
Remove the 'echo' between 'die' and '"vars'
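An added illustration, not Easy-RSA's own code, of why the stray `echo` produces the output in the earlier post ("Easy-RSA error: echo", then "bad number"). It assumes an error helper that takes the message as its first argument and an optional exit code as its second, a shape inferred from that output; `run_die` is a hypothetical wrapper.

```shell
#!/bin/sh
# Stand-in error helper (assumed shape): $1 = message, $2 = optional exit code.
die() {
    printf '\nEasy-RSA error:\n\n%s\n' "$1" 1>&2
    exit "${2:-1}"
}

# Run one die call in a subshell and print "<exit status>|<message shown>".
run_die() {
    rc=0
    out=$( (die "$@") 2>&1 ) || rc=$?
    # Line 4 of the captured output is the message die printed.
    msg=$(printf '%s\n' "$out" | sed -n '4p')
    printf '%s|%s\n' "$rc" "$msg"
}

# As in the script: "echo" becomes the message, and the real message is
# handed to exit as a number, which the shell rejects.
run_die echo "vars file not found"

# With the stray word removed: the message is shown and the exit code is 1.
run_die "vars file not found"
```
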
Re: Client Certificate generation
Posted: Mon Aug 16, 2021 3:28 pm
by Bigjohn
For the version 2 easy RSA the vars file was 'vars.bat' - do I keep that naming convention? or rename just 'vars'?
Thanks
Re: Client Certificate generation
Posted: Mon Aug 16, 2021 3:44 pm
by TinCanTech
The upgrade process should move vars.bat out of the way. Only vars is used by EasyRSA 3
Re: Client Certificate generation
Posted: Tue Aug 17, 2021 2:23 pm
by Bigjohn
TinCanTech wrote: ↑Mon Aug 16, 2021 3:44 pm
The upgrade process should move vars.bat out of the way. Only vars is used by EasyRSA 3
But I need MY vars for the old/CA / cert, right?
Sorry for all the questions, but I'm close to having this resolved I think!
John
Re: Client Certificate generation
Posted: Tue Aug 17, 2021 2:30 pm
by TinCanTech
The upgrade process builds a vars file for EasyRSA-3 from your old vars.bat file for EasyRSA-2
EasyRSA-3 does not ever use vars.bat for anything other than the above.
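The `@echo: not found` and `rem: not found` lines in the earlier error output are what sh reports when the file it reads as vars contains batch-file lines. The following is an added example, not part of Easy-RSA, that classifies a vars file before anything sources it; `check_vars`, `make_samples` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Classify a vars file before anything sources it.
# Prints one of: missing | batch | syntax | ok
check_vars() {
    f=$1
    [ -r "$f" ] || { echo missing; return 0; }
    # Batch-file markers at line start: "@echo", "rem", "set NAME=value".
    if grep -Eiq '^[[:space:]]*(@echo|rem([[:space:]]|$)|set[[:space:]]+[A-Za-z_]+=)' "$f"; then
        echo batch
    # sh -n parses the file without executing any of it.
    elif ! sh -n "$f" 2>/dev/null; then
        echo syntax
    else
        echo ok
    fi
}

# Write three constructed sample files into directory $1.
make_samples() {
    cat > "$1/vars.bat-style" <<'EOF'
@echo off
rem constructed sample, batch syntax
set KEY_COUNTRY=US
set KEY_SIZE=2048
EOF
    cat > "$1/vars-style" <<'EOF'
# constructed sample, shell syntax
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_KEY_SIZE 2048
EOF
    cat > "$1/vars-broken" <<'EOF'
set_var EASYRSA_REQ_ORG (not set)
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in vars.bat-style vars-style vars-broken no-such-file; do
    printf '%-16s %s\n' "$f" "$(check_vars "$tmp/$f")"
done
rm -rf "$tmp"
```
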
Re: Client Certificate generation
Posted: Thu Aug 19, 2021 8:17 pm
by Bigjohn
TinCanTech wrote: ↑Fri Aug 13, 2021 3:15 pm
There is a bug.
Open easyrsa in a text editor (notepad++) and go to line 2232, look for:
Code:
if [ $EASYRSA_FOUND_VARS -ne 1 ];
then
die echo "vars file not found"
fi
Remove the 'echo' between 'die' and '"vars'
I don't see a way to do this?
Re: Client Certificate generation
Posted: Thu Aug 19, 2021 9:01 pm
by TinCanTech
In your own words: hard to teach old dogs new tricks
Motivate me Financially ..
Re: Client Certificate generation
Posted: Tue Aug 31, 2021 8:07 pm
by Bigjohn
TinCanTech wrote: ↑Thu Aug 19, 2021 9:01 pm
In your own words:
hard to teach old dogs new tricks
Motivate me Financially ..
PM me your venmo?
Re: Client Certificate generation
Posted: Tue Aug 31, 2021 10:29 pm
by TinCanTech
If you wish to contact me then there are obvious ways to do so here:
https://github.com/TinCanTech/easy-tls
Re: Client Certificate generation
Posted: Wed Sep 01, 2021 11:52 am
by 300000
As I promised to help you with how to create a certificate, since you are having a hard time making it work: you need to follow the pictures or it will not work, and here is the tutorial to help you.
Create a folder to hold all the files so it is quicker to find what you want. Copy the two important CA certificate files, with the crt and key extensions.
First we need to download free software from the internet. Just type XCA into Google to go to their website, and install it on your computer. You can run this software on Linux, Windows or Mac, so it is the same.
After installing the software, create a new profile and save it in the folder you created. We need to import the two CA files into it: open the profile and click the private tab, then import the CA key
Move to certificate and import the public key of the CA certificate as
Next we are going to create a certificate signing request
Then click new request, choose source and enter as in the picture
Move to Subject then fill out
Click Generate key then leave it as
Move to Extensions and fill out all the info
Move to key usage as in the picture, then click OK
For the first part we have finished the certificate signing request, and we need to sign it with the CA certificate
Choose the certificate signing request and then choose sign
Fill out all the info; "Use this certificate for signing" is your certificate name
Move to extensions, enter all the info, and you need to click apply
Move to key usage and choose as before, then click OK. After that you have a new client certificate to use
Click certificate and export your new certificate to use
Then choose private to export your client private key too, so you have a new client and two files to use
Make sure you export the CA public certificate too, so you will have three keys to create a new OpenVPN client
You need to follow the pictures, and if you get an error just post here and I can help you free of charge; this will work 100%.
Re: Client Certificate generation
Posted: Wed Sep 01, 2021 1:36 pm
by Bigjohn
@300000 -
Thanks for that - but did you mean to post pictures? They did not make it.
Re: Client Certificate generation
Posted: Wed Sep 01, 2021 1:41 pm
by 300000
Yes, I did post with pictures; can you see the pictures or not?
Re: Client Certificate generation
Posted: Wed Sep 08, 2021 3:08 pm
by Bigjohn
300000 wrote: ↑Wed Sep 01, 2021 1:41 pm
Yes, I did post with pictures; can you see the pictures or not?
No - I simply see the word IMAGE where I imagine you had a picture.
Re: Client Certificate generation
Posted: Wed Sep 08, 2021 3:10 pm
by Bigjohn
@300000 - if you can DM me, please do?
Re: Client Certificate generation
Posted: Wed Sep 08, 2021 4:19 pm
by 300000
Somehow they removed the pictures, but when I check on my phone the pictures are there. You know this is how this forum works, but I will help you now: I am going to post all the pictures on Google Drive, and you can download all the pictures starting at number 1 and so on. Just follow the pictures and check back here, and if something is wrong I can help you. If you can't do it I can make a screen video to help you out. This is a very simple task and takes only 10 minutes to do.
https://drive.google.com/drive/folders/ ... sp=sharing
Re: Client Certificate generation
Posted: Wed Sep 08, 2021 5:22 pm
by TinCanTech
I can also see the pictures on the forum .. I have no idea why they work only sometimes.
Re: Client Certificate generation
Posted: Wed Sep 08, 2021 6:40 pm
by Pippin
Could be browser/DNS filter.
They are working here too.
Re: Client Certificate generation
Posted: Fri Sep 10, 2021 1:56 am
by TinCanTech
It's probably my TinCan hat