error with creating a new vpn key

All comments and questions related to the functionality of the OpenVPN web pages and forum should go here.

Moderators: TinCanTech

Locked
tjhans
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 05, 2011 8:14 pm

error with creating a new vpn key

Post by tjhans » Tue Apr 05, 2011 9:02 pm

So first off, I am very new to OpenVPN. I am filling in a very large void of an IT guy that left very few instructions as to how things work. While creating a VPN for my new laptop, it only made the .csr file and .key, not the .crt. It looks like in the creation process it hit a problem with reading permission (at the time of building the key I only had write permission), which I can fix, but how can I make it finish making the last file? The other two files, when compared to the existing keys, look as if they were written fine. If important, I'm on a Linux server.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: error with creating a new vpn key

Post by maikcat » Wed Apr 06, 2011 6:32 am

Hi there,

Can you tell us how you tried to create the new cert?
Which files did you use, what permissions did they have, etc.?

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

tjhans
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 05, 2011 8:14 pm

Re: error with creating a new vpn key

Post by tjhans » Wed Apr 06, 2011 6:53 pm

I started with . var and followed that with ./build-key <username>. When I entered the second command, it returned permission denied, so I tried sudo ./build-key <username> but it was not recognized. So I did chmod -r o+w keys and started over, not thinking that I needed to add the read or execute permissions. However, when making that mistake I found myself in my current situation and stopped there for fear of screwing things up. Also, if it makes things clearer, the output of the command directly said the error was that it could not read /opt/easy-rsa/keys/ca.key, so I know that that was the problem. I had only reading permission up to and including easy-rsa; after that I had to add writing to keys to get going. So I didn't even change keys to give me reading permission, just writing, but I can if I need to.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: error with creating a new vpn key

Post by maikcat » Thu Apr 07, 2011 7:55 am

Hi there,

Please post the output of ls -la (to see permissions and ownerships of files).

Which distro are you using?
Are you root? (probably not)

michael.

tjhans
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 05, 2011 8:14 pm

Re: error with creating a new vpn key

Post by tjhans » Thu Apr 07, 2011 3:02 pm

The ls -la gives me this for the directory containing the keys:
d-wx-wx-wx 2 root root 12288 2011-04-04 16:52 keys
You are correct in guessing that I am not root; however, I have the password to use sudo commands, so I can change the permissions if I need to. My only problem is, once I change the permissions, how do I tell it to finish building the key? Could just retyping the build-key command do it, or would I be running the risk of messing things up?

Edit: also, if it makes a difference, all the files inside of the directory keys are owned by root, other than the 2 that resulted from my attempt at creating mine, which belong to me. All the .csr and .crt files have the permissions -rw-r-xr-x while the .key files have -rw---x--x. The only exceptions are my 2 files (a .csr and .key), which both have -rw-r--r--

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: error with creating a new vpn key

Post by maikcat » Fri Apr 08, 2011 6:51 am

Hi there,

First, the original permissions on the keys dir are root:root 600.

Inside the keys dir the .crt files have root:root 644 and .key root:root 600.

Also, index.txt and serial need 644 root:root.

So, you surely need read access to the above files,
and probably write access to both index.txt and serial, and write access to the keys dir.

I prefer to generate keys as root...

michael.

PS: just remember to restore permissions on the keys folder.

tjhans
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 05, 2011 8:14 pm

Re: error with creating a new vpn key

Post by tjhans » Mon Apr 11, 2011 9:21 pm

Thanks a lot. It looks like the key is working fine now. Sorry to be a bother with a lame question like that.
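
The permission layout maikcat lists earlier in the thread, turned into a check that can be run after restoring the keys folder. This is an added example, not part of the original posts or of easy-rsa; it assumes GNU coreutils stat (-c), the function names audit_keys_dir and check_path are hypothetical, and the owner defaults to root as in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils `stat -c`.
# audit_keys_dir and check_path are hypothetical helper names.

# check_path PATH MASK OWNER: print a finding when PATH carries permission
# bits outside MASK (octal) or is not owned by OWNER. Returns 1 on a finding.
check_path() {
    cp_path=$1; cp_mask=$2; cp_owner=$3; cp_rc=0
    cp_mode=$(stat -c '%a' "$cp_path") || return 1
    cp_user=$(stat -c '%U' "$cp_path")
    # rwx bits set on the path that the mask does not allow (octal arithmetic).
    cp_extra=$(( 0$cp_mode & ~0$cp_mask & 0777 ))
    if [ "$cp_extra" -ne 0 ]; then
        printf 'MODE  %s is %s, expected at most %s\n' "$cp_path" "$cp_mode" "$cp_mask"
        cp_rc=1
    fi
    if [ "$cp_user" != "$cp_owner" ]; then
        printf 'OWNER %s is owned by %s, expected %s\n' "$cp_path" "$cp_user" "$cp_owner"
        cp_rc=1
    fi
    return $cp_rc
}

# audit_keys_dir DIR [OWNER]: check DIR and the easy-rsa files inside it.
# Returns 0 when clean, 1 when any finding was printed.
audit_keys_dir() {
    ak_dir=$1; ak_owner=${2:-root}; ak_rc=0
    # Directory: no access for group or other (a world-writable keys dir
    # lets any local user replace or delete files next to ca.key).
    check_path "$ak_dir" 700 "$ak_owner" || ak_rc=1
    for ak_f in "$ak_dir"/*; do
        [ -f "$ak_f" ] || continue
        case $ak_f in
            *.key)                      ak_mask=600 ;;  # private keys, ca.key included
            *.crt|*/index.txt|*/serial) ak_mask=644 ;;  # modes quoted in the thread
            *)                          continue ;;
        esac
        check_path "$ak_f" "$ak_mask" "$ak_owner" || ak_rc=1
    done
    return $ak_rc
}

# Run against a directory given on the command line, e.g. /opt/easy-rsa/keys.
[ "$#" -eq 0 ] || audit_keys_dir "$@"
```

With the modes reported in the thread, the d-wx-wx-wx directory, the -rw---x--x .key files and the -rw-r-xr-x .crt files would each produce a MODE line, and the two files created by the non-root user would produce OWNER lines.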

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: error with creating a new vpn key

Post by maikcat » Mon Apr 18, 2011 12:53 pm

OK then.

Closing topic.

Michael.