Windows 11 - openssl-easyrsa.cnf not found in easy-rsa 3

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Windows 11 - openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Fri Nov 12, 2021 9:47 am

Hello,

I'm having a trouble getting EasyRSA 3.0.8 working on Windows 11 dev channel (Windows Insider) with the command './easyrsa build-ca nopass'. This is OpenVPN-2.5.4-I604-amd64.msi from https://openvpn.net/community-downloads/

I follow this 'how to' (tuto) :
https://shebangthedolphins.net/vpn_open ... erver.html

Code: Select all

C:\Program Files\OpenVPN\easy-rsa>EasyRSA-Start.bat

Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.

Invoke './easyrsa' to call the program. Without commands, help is displayed.

EasyRSA Shell

EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021

Easy-RSA error:

The OpenSSL config file cannot be found.
Expected location: C:/Program Files/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf


EasyRSA Shell

EasyRSA Shell
# cp -iv openssl-easyrsa.cnf "C:/Program Files/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf"
openssl-easyrsa.cnf -> C:/Program Files/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf

EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-15456.a07364/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8C67.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8C67.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-15456.a07364/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8D32.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8D32.tmp
fd = 3
Generating RSA private key, 2048 bit long modulus (2 primes)
.................................+++++
...................................+++++
e is 65537 (0x010001)
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-15456.a07364/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8EF7.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8EF7.tmp
fd = 3
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:DESKTOP-P2SN4KI

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
C:/Program Files/OpenVPN/easy-rsa/pki/ca.crt
#
Thanks in advance.
Valorisa
Last edited by valorisa34 on Fri Nov 12, 2021 2:44 pm, edited 3 times in total.

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Fri Nov 12, 2021 10:23 am

Code: Select all

Microsoft Windows [version 10.0.22499.1000]
(c) Microsoft Corporation. Tous droits réservés.

C:\Windows\System32>cd C:\Program Files\OpenVPN\easy-rsa && EasyRSA-Start.bat

Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.

Invoke './easyrsa' to call the program. Without commands, help is displayed.

EasyRSA Shell
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
fd = 3
Generating a RSA private key
......................................................+++++
.....................+++++
writing new private key to 'C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.a01488'
-----

Easy-RSA error:

Unknown cert type 'server'

Easy-RSA error:

Failed to sign 'server'


EasyRSA Shell
Last edited by valorisa34 on Fri Nov 12, 2021 12:27 pm, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by TinCanTech » Fri Nov 12, 2021 12:25 pm

You got it working ?

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Fri Nov 12, 2021 12:34 pm

TinCanTech wrote:
Fri Nov 12, 2021 12:25 pm
You got it working ?
For the copy of openssl-easyrsa.cnf in the good location it's ok but now with the command : '# ./easyrsa build-server-full server nopass' I obtain the error :

Code: Select all

# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
fd = 3
Generating a RSA private key
......................................................+++++
.....................+++++
writing new private key to 'C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.a01488'
-----

Easy-RSA error:

Unknown cert type 'server'

Easy-RSA error:

Failed to sign 'server'


EasyRSA Shell
#

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by TinCanTech » Fri Nov 12, 2021 1:12 pm

Do you know which version of Easy-RSA3 you have ?

Edit: OK Windows version.

I believe there is a known bug.
https://github.com/OpenVPN/easy-rsa/issues

Not sure which one ..

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by TinCanTech » Fri Nov 12, 2021 1:38 pm

This one may be ..

https://github.com/OpenVPN/easy-rsa/issues/412

Try copying EasyRSA to a path without spaces ..

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Fri Nov 12, 2021 2:07 pm

TinCanTech wrote:
Fri Nov 12, 2021 1:12 pm
Do you know which version of Easy-RSA3 you have ?

Edit: OK Windows version.

I believe there is a known bug.
https://github.com/OpenVPN/easy-rsa/issues

Not sure which one ..

OpenVPN-2.5.4-I604-amd64 and EasyRSA 3.0.8

Code: Select all

EasyRSA Shell
#  ./easyrsa --version
EasyRSA Version Information
Version:     3.0.8
Generated:   Wed Sep 16 07:52:24 CDT 2020
SSL Lib:     OpenSSL 1.1.1l  24 Aug 2021
Git Commit:  a9cecc747c419197d9540ccd46259559e271788a
Source Repo: https://github.com/OpenVPN/easy-rsa

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Fri Nov 12, 2021 2:33 pm

valorisa34 wrote:
Fri Nov 12, 2021 10:23 am

Code: Select all

Microsoft Windows [version 10.0.22499.1000]
(c) Microsoft Corporation. Tous droits réservés.

C:\Windows\System32>cd C:\Program Files\OpenVPN\easy-rsa && EasyRSA-Start.bat

Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.

Invoke './easyrsa' to call the program. Without commands, help is displayed.

EasyRSA Shell
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
fd = 3
Generating a RSA private key
......................................................+++++
.....................+++++
writing new private key to 'C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.a01488'
-----

Easy-RSA error:

Unknown cert type 'server'

Easy-RSA error:

Failed to sign 'server'


EasyRSA Shell
Have other people seen this same problem ?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by TinCanTech » Fri Nov 12, 2021 3:32 pm

Did you read the links above ?

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Fri Nov 12, 2021 7:21 pm

" Workaround: create a directory with no spaces in the name, eg. C:\temp
In EasyRSA vars use set_var EASYRSA_TEMP_DIR "/temp"
and run build-ca
"

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Fri Nov 12, 2021 7:25 pm

Within the EasyRSA Shell ?
Aand if so, how exactly do you do that ?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by TinCanTech » Fri Nov 12, 2021 7:29 pm

You should try the other solution ....

Copy ALL of Easy-RSA to C:\EasyRSA3 and run it from there.


And don't do it from within Easy-RSA just use Windblows...

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Fri Nov 12, 2021 8:24 pm

OK I try it and I tell you the result.

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Sat Nov 13, 2021 10:31 am

TinCanTech wrote:
Fri Nov 12, 2021 7:29 pm
You should try the other solution ....

Copy ALL of Easy-RSA to C:\EasyRSA3 and run it from there.


And don't do it from within Easy-RSA just use Windblows...


Folders and files copied from 'C:\Program Files\OpenVPN\easy-rsa' to 'C:\EasyRSA3' with the command ' C:\Program Files\OpenVPN\easy-rsa>cp -iRv * "C:\EasyRSA3" '. That's right ?
And now from cmd (with administrator rights) :
'cd c:\EayRSA3',
'EasyRSA-Start.bat' and follow the process.
'# ./easyrsa init-pki'
'# ./easyrsa build-ca nopass'
'# ./easyrsa build-server-full server nopass'
'# ./easyrsa gen-dh'

That's right ?

http://ibb.co/1K48B6z
Last edited by valorisa34 on Sat Nov 13, 2021 12:03 pm, edited 4 times in total.

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Sat Nov 13, 2021 10:38 am

Code: Select all

C:\>cd EasyRSA3

C:\EasyRSA3>dir
 Le volume dans le lecteur C s’appelle Windows 11 Pro
 Le numéro de série du volume est 8A79-EF7E

 Répertoire de C:\EasyRSA3

13/11/2021  11:09    <DIR>          .
13/11/2021  11:09    <DIR>          bin
13/11/2021  11:05             5 009 ChangeLog
13/11/2021  11:05             1 256 COPYING.html
13/11/2021  11:05             1 305 COPYING.md
13/11/2021  11:09    <DIR>          doc
13/11/2021  11:05            76 946 easyrsa
13/11/2021  11:05               204 EasyRSA-Start.bat
13/11/2021  11:09    <DIR>          Licensing
13/11/2021  11:05                 0 netsh
13/11/2021  11:05             4 616 openssl-easyrsa.cnf
13/11/2021  11:09    <DIR>          pki
13/11/2021  11:05             4 263 README-Windows.txt
13/11/2021  11:05             2 195 README.html
13/11/2021  11:05             3 477 README.quickstart.html
13/11/2021  11:05             8 925 vars.example
13/11/2021  11:09    <DIR>          x509-types
              11 fichier(s)          108 196 octets
               6 Rép(s)  56 666 116 096 octets libres

C:\EasyRSA3>EasyRSA-Start.bat

Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.

Invoke './easyrsa' to call the program. Without commands, help is displayed.

EasyRSA Shell
#  ./easyrsa init-pki


WARNING!!!

You are about to remove the EASYRSA_PKI at: C:/EasyRSA3/pki
and initialize a fresh PKI here.

Type the word 'yes' to continue, or any other input to abort.
  Confirm removal: yes

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: C:/EasyRSA3/pki



EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021

Easy-RSA error:

The OpenSSL config file cannot be found.
Expected location: C:/EasyRSA3/pki/openssl-easyrsa.cnf


EasyRSA Shell
# cp /?
cp: missing destination file
Try `cp --help' for more information.

EasyRSA Shell
# cp -iv openssl-easyrsa.cnf " C:/EasyRSA3/pki/openssl-easyrsa.cnf"
openssl-easyrsa.cnf ->  C:/EasyRSA3/pki/openssl-easyrsa.cnf
cp: cannot create regular file ` C:/EasyRSA3/pki/openssl-easyrsa.cnf': Invalid argument

EasyRSA Shell
# cp -iv openssl-easyrsa.cnf "C:/EasyRSA3/pki/openssl-easyrsa.cnf"
openssl-easyrsa.cnf -> C:/EasyRSA3/pki/openssl-easyrsa.cnf

EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021
path = C:/EasyRSA3/pki/easy-rsa-4356.a13700/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC264.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC264.tmp
fd = 3
path = C:/EasyRSA3/pki/easy-rsa-4356.a13700/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC32F.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC32F.tmp
fd = 3
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................................................+++++
......................................................................................................................................+++++
e is 65537 (0x010001)
path = C:/EasyRSA3/pki/easy-rsa-4356.a13700/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC533.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC533.tmp
fd = 3
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
C:/EasyRSA3/pki/ca.crt



EasyRSA Shell
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021
path = C:/EasyRSA3/pki/easy-rsa-10512.a05984/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp211E.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp211E.tmp
fd = 3
path = C:/EasyRSA3/pki/easy-rsa-10512.a05984/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp21D9.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp21D9.tmp
fd = 3
path = C:/EasyRSA3/pki/easy-rsa-10512.a05984/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp22A4.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp22A4.tmp
fd = 3
Generating a RSA private key
..................+++++
...+++++
writing new private key to 'C:/EasyRSA3/pki/easy-rsa-10512.a05984/tmp.a14212'
-----

Easy-RSA error:

Unknown cert type 'server'

Easy-RSA error:

Failed to sign 'server'


EasyRSA Shell
#

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by TinCanTech » Sat Nov 13, 2021 1:57 pm

What files are in x509-types folder ?

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Sat Nov 13, 2021 3:48 pm

Image

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by TinCanTech » Sat Nov 13, 2021 4:36 pm

Try this:
  1. Log off and then login to Windows - Clear all sessions
  2. Open an Administrator command prompt
  3. Code: Select all

    cd \progra~1\openvpn\easy-rsa
    Use \progra~1\ not \Program Files\
  4. Code: Select all

    easyrsa-start.bat
  5. Code: Select all

    ./easyrsa init-pki
  6. Code: Select all

    ./build-ca nopass
  7. Code: Select all

    ./build-server-full server nopass
What happens ?

valorisa34
OpenVPN User
Posts: 22
Joined: Fri Nov 12, 2021 9:39 am

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by valorisa34 » Sat Nov 13, 2021 7:11 pm

TinCanTech wrote:
Sat Nov 13, 2021 4:36 pm
Try this:
  1. Log off and then login to Windows - Clear all sessions
  2. Open an Administrator command prompt
  3. Code: Select all

    cd \progra~1\openvpn\easy-rsa
    Use \progra~1\ not \Program Files\
  4. Code: Select all

    easyrsa-start.bat
  5. Code: Select all

    ./easyrsa init-pki
  6. Code: Select all

    ./build-ca nopass
  7. Code: Select all

    ./build-server-full server nopass
What happens ?
Same result :

Code: Select all

C:\EasyRSA3>cd\

C:\>cd \progra~1\openvpn\easy-rsa

C:\PROGRA~1\OpenVPN\easy-rsa>pwd
/cygdrive/c/PROGRA~1/OpenVPN/easy-rsa

C:\PROGRA~1\OpenVPN\easy-rsa>easyrsa-start.bat

Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.

Invoke './easyrsa' to call the program. Without commands, help is displayed.

EasyRSA Shell
# ./easyrsa init-pki


WARNING!!!

You are about to remove the EASYRSA_PKI at: C:/PROGRA~1/OpenVPN/easy-rsa/pki
and initialize a fresh PKI here.

Type the word 'yes' to continue, or any other input to abort.
  Confirm removal: yes

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: C:/PROGRA~1/OpenVPN/easy-rsa/pki



EasyRSA Shell
# ./build-ca nopass
bin/sh: ./build-ca: not found

EasyRSA Shell
# pwd
C:/PROGRA~1/OpenVPN/easy-rsa

EasyRSA Shell
# dir
COPYING.html       Licensing               bin      openssl-easyrsa.cnf
COPYING.md         README-Windows.txt      doc      pki
ChangeLog          README.html             easyrsa  vars.example
EasyRSA-Start.bat  README.quickstart.html  netsh    x509-types

EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021

Easy-RSA error:

The OpenSSL config file cannot be found.
Expected location: C:/PROGRA~1/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf


EasyRSA Shell
# pwd
C:/PROGRA~1/OpenVPN/easy-rsa

EasyRSA Shell
# ls
COPYING.html            README.html             openssl-easyrsa.cnf
COPYING.md              README.quickstart.html  pki
ChangeLog               bin                     vars.example
EasyRSA-Start.bat       doc                     x509-types
Licensing               easyrsa
README-Windows.txt      netsh

EasyRSA Shell
# cp -iv openssl-easyrsa.cnf "C:/PROGRA~1/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf"
openssl-easyrsa.cnf -> C:/PROGRA~1/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf

EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-5784.a11832/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpAB63.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpAB63.tmp
fd = 3
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-5784.a11832/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpABFF.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpABFF.tmp
fd = 3
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
..........................................................................+++++
e is 65537 (0x010001)
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-5784.a11832/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpAD96.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpAD96.tmp
fd = 3
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
C:/PROGRA~1/OpenVPN/easy-rsa/pki/ca.crt



EasyRSA Shell
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l  24 Aug 2021
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-9708.a01780/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp30EF.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp30EF.tmp
fd = 3
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-9708.a01780/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp319A.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp319A.tmp
fd = 3
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-9708.a01780/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp3246.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp3246.tmp
fd = 3
Generating a RSA private key
.....................+++++
.....................................................................................................................................................+++++
writing new private key to 'C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-9708.a01780/tmp.a13424'
-----

Easy-RSA error:

Unknown cert type 'server'

Easy-RSA error:

Failed to sign 'server'


EasyRSA Shell
#

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openssl-easyrsa.cnf not found in easy-rsa 3

Post by TinCanTech » Sat Nov 13, 2021 7:36 pm

I believe the problem is here (easyrsa:line 1738):

Code: Select all

	# Same as above for the x509-types extensions dir
	if [ -d "$EASYRSA_PKI/x509-types" ]; then
		set_var EASYRSA_EXT_DIR		"$EASYRSA_PKI/x509-types"
	else	
		#TODO: This should be removed.  Not really suitable for packaging.
		set_var EASYRSA_EXT_DIR		"$EASYRSA/x509-types"
	fi
If you feel confident to edit the source file then replace that(above) with this(below):

Code: Select all

	# Same as above for the x509-types extensions dir
	if [ -d "$EASYRSA_PKI/x509-types" ]; then
		set_var EASYRSA_EXT_DIR		"$EASYRSA_PKI/x509-types"
	elif [ -d "$EASYRSA/x509-types" ]; then
		#TODO: This should be removed.  Not really suitable for packaging.
		set_var EASYRSA_EXT_DIR		"$EASYRSA/x509-types"
	else
		die "Missing x509-types folder"
	fi
I have posted a patch here, which you will be testing:
https://github.com/OpenVPN/easy-rsa/pull/466
https://patch-diff.githubusercontent.co ... /466.patch

Post Reply