error with creating a new vpn key
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Apr 05, 2011 8:14 pm
error with creating a new vpn key
So first off I am very new to open vpn. I am filling in a very large void of an IT guy that left very few instructions as to how things work. why creating a vpn for my new laptop it only made the .csr file and .key, not the .crt. It looks like in the creation process it hit a problem with reading permission (at the time of building the key I only had write permission), which i can fix, but how can i make it finish making the last file? the other two files, when compared to the existing keys, look as if they were written fine. If important, I'm on a Linux server.
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: error with creating a new vpn key
hi there,
can you tell us how did you try to create the new cert?
which files you used,what permissions they had etc?
michael.
can you tell us how did you try to create the new cert?
which files you used,what permissions they had etc?
michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Apr 05, 2011 8:14 pm
Re: error with creating a new vpn key
I started with . var and followed that with ./build-key <username>. when i entered the second command, it returned permission dinied, so i tried sudo ./build-key <username> but it was not recognized. so i did chmod -r o+w keys and started over, not thinking that i needed to add the read or execute permissions. however when making that mistake i found myself in my current situation and stopped there for fear of screwing things up. also, if it makes things clearer, the output of the command directly said the error was that it could not read /opt/easy-rsa/keys/ca.key, so i know that that was the problem. i had only reading permission up to and including easy-rsa, after that i had to add writing to keys to get going. so i didnt even change keys to give me reading permission, just writing, but i can if i need to.
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: error with creating a new vpn key
hi there,
please post the output of ls -la (to see permissions and ownerships of files)
which distro are you using?
are you root? (probably not)
michael.
please post the output of ls -la (to see permissions and ownerships of files)
which distro are you using?
are you root? (probably not)
michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Apr 05, 2011 8:14 pm
Re: error with creating a new vpn key
the ls -la gives me this for the directory containing the keys:
d-wx-wx-wx 2 root root 12288 2011-04-04 16:52 keys
you are correct in guessing that i am not root, however i have the password to use sudo commands, so i can change the permissions if i need to. my only problem is once i change the permissions, how do i tell it to finish building the key. could just retyping the build-key command do it, or would i be running the risk of messing things up?
Edit: also, if it makes a difference, all the files inside of the directory keys are owned by root, other than the 2 that resulted from my attempt at creating mine, which belong to me. all the .csr and .crt files have the permissions as -rw-r-xr-x while the .key files have -rw---x--x. the only exceptions are my 2 files (a .csr and .key) which both have -rw-r--r--
d-wx-wx-wx 2 root root 12288 2011-04-04 16:52 keys
you are correct in guessing that i am not root, however i have the password to use sudo commands, so i can change the permissions if i need to. my only problem is once i change the permissions, how do i tell it to finish building the key. could just retyping the build-key command do it, or would i be running the risk of messing things up?
Edit: also, if it makes a difference, all the files inside of the directory keys are owned by root, other than the 2 that resulted from my attempt at creating mine, which belong to me. all the .csr and .crt files have the permissions as -rw-r-xr-x while the .key files have -rw---x--x. the only exceptions are my 2 files (a .csr and .key) which both have -rw-r--r--
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: error with creating a new vpn key
hi there,
first the original permissions on keys dir are root:root 600
inside keys dir the .crt files have root:root 644 and .key root:root 600
also index.txt and serial needs 644 root:root
so, you surely need read access to the above files
and probably write access to bot index.txt and serial ,and write access to keys dir.
i prefer to generate keys as root...
michael.
ps:just remember to restore permissions on keys folder..
first the original permissions on keys dir are root:root 600
inside keys dir the .crt files have root:root 644 and .key root:root 600
also index.txt and serial needs 644 root:root
so, you surely need read access to the above files
and probably write access to bot index.txt and serial ,and write access to keys dir.
i prefer to generate keys as root...
michael.
ps:just remember to restore permissions on keys folder..
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Apr 05, 2011 8:14 pm
Re: error with creating a new vpn key
thanks a lot. it looks like the key is working fine now. sorry to be a bother with a lame question like that.
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: error with creating a new vpn key
ok then
closing topic.
Michael.
closing topic.
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"