
[Solved] openssl.cnf not found in easy-rsa/2.0

Posted: Thu Sep 15, 2011 6:33 pm
by artgenos
I am running CentOS 6 x64 and trying to load openvpn. I tried to follow the How-to but all it says is to go to easy-rsa and run ......
Problem is when I go to easy-rsa there are 3 directories: 1.0, 2.0 and windows. Since this is a Linux box I don't need windows, and since it is version 2.x of openvpn I go to the 2.0 directory, and there is no openssl.cnf file located there so build-ca does not work. Which step is missing or did I miss something in the documentation?

thanks

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Thu Sep 15, 2011 9:18 pm
by janjust
which version of openvpn are you using?

the centos6 epel version is 2.1.4, which includes easy-rsa/2.0/openssl.cnf

the source tarball of openvpn 2.2.1 includes easy-rsa/2.0/openssl-1.0.0.cnf, which is automatically selected when sourcing the 'vars' file (or actually, when running the 'whichopensslcnf' command)

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Thu Sep 15, 2011 11:58 pm
by artgenos
I am using the 2.2.1 tarball. Built an RPM out of it like the how-to said.

When I run vars or whichopensslcnf I get "No openssl.cnf file could be found. Further invocations will fail."

I have pulled down the tar.gz file 3x and every time it is the same thing.

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Fri Sep 16, 2011 8:00 am
by janjust
but is the file 'openssl-1.0.0.cnf' listed? update your 'vars' file to point to it directly.

I've just built a 2.2.1 RPM from the spec file and ALL files from the easy-rsa directories are included.

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Fri Sep 16, 2011 11:12 am
by artgenos
that is the problem. there is no openssl.cnf or openssl-1.0.0.cnf file listed in easy-rsa/2.0

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Fri Sep 16, 2011 11:16 am
by janjust
I just did

Code:

$ rpmbuild -tb openvpn-2.2.1.tar.gz
[....]
$ rpm -qlp .../RPMS/x86_64/openvpn-2.2.1-1.x86_64.rpm | grep openssl
/usr/share/doc/openvpn-2.2.1/easy-rsa/1.0/openssl.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-0.9.6.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-0.9.8.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-1.0.0.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/openssl-1.0.0.cnf-old-copy
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/openssl-0.9.6.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/openssl-1.0.0.cnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/tmp/whichopensslcnf
/usr/share/doc/openvpn-2.2.1/easy-rsa/2.0/whichopensslcnf

what do you get out of your RPM build?

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Fri Sep 16, 2011 12:03 pm
by artgenos
Ok, I have rebuilt it and I get those files. But this is what happens after I edit vars

Code:

. ./vars 
**************************************************************
  No /etc/openvpn/easy-rsa/2.0/openssl.cnf file could be found
  Further invocations will fail
**************************************************************
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Fri Sep 16, 2011 12:13 pm
by janjust
you first need to copy over the existing easy-rsa files to the /etc directory:

Code:

$ mkdir -p /etc/openvpn/easy-rsa
$ cd /etc/openvpn/easy-rsa
$ cp -a /usr/share/doc/openvpn-2.2.1/easy-rsa/2.0 .

etc. the RPM does not install any files in /etc/openvpn.

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Fri Sep 16, 2011 12:35 pm
by artgenos
I have done that and am running it there.

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Fri Sep 16, 2011 1:52 pm
by janjust
I wonder why 'whichopensslcnf' does not return the right value. You can work around it by setting the full path in your 'vars' file like this:

Code:

export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf

provided that that file does exist now, of course.

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Fri Sep 16, 2011 3:08 pm
by artgenos
Thanks for the help. It worked this time around.

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Mon Nov 21, 2011 7:04 pm
by evlogi
......

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Sun May 27, 2012 2:08 am
by b74ck5t4r
deleted

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Tue Feb 03, 2015 9:22 pm
by mboada
Hello,

You can solve the problem by installing openssl. Then, 'whichopensslcnf' will return the correct value without any changes.

I hope it helps

Miquel Boada
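
Added example, not part of any post above and not easy-rsa's own code: a shell check for the failure discussed in this thread, where no config file is selected because the `openssl` binary is missing or the matching file is absent from the easy-rsa directory. `pick_key_config`, `check_easy_rsa` and `demo` are hypothetical names, and the version-to-file mapping is an assumption taken from the file names in the RPM listing above.

```shell
# Hypothetical helper (not easy-rsa code).
# Usage: pick_key_config EASY_RSA_DIR "VERSION_STRING"
# VERSION_STRING is the output of `openssl version`, or empty when the
# binary is not installed. Prints the config path to use for KEY_CONFIG.
pick_key_config() {
    dir=$1
    ver=$2
    # Assumed mapping, based on the file names shipped in easy-rsa/2.0.
    case "$ver" in
        *" 0.9.6"*) name=openssl-0.9.6.cnf ;;
        *" 0.9.8"*) name=openssl-0.9.8.cnf ;;
        *" 1.0."*)  name=openssl-1.0.0.cnf ;;
        *)          name=openssl.cnf ;;   # no binary, or unrecognised version
    esac
    if [ -r "$dir/$name" ]; then
        printf '%s\n' "$dir/$name"
        return 0
    fi
    if [ -z "$ver" ]; then
        echo "openssl binary not found: install it or set KEY_CONFIG by hand" >&2
    else
        echo "$dir/$name is missing or unreadable (version: $ver)" >&2
    fi
    return 1
}

# Run the check against the live system; the default directory is the
# one used in this thread.
check_easy_rsa() {
    dir=${1:-/etc/openvpn/easy-rsa/2.0}
    ver=$(openssl version 2>/dev/null) || ver=""
    pick_key_config "$dir" "$ver"
}

# Constructed fixture: a temporary directory holding only
# openssl-1.0.0.cnf, checked against a constructed version string.
demo() {
    tmp=$(mktemp -d) && : > "$tmp/openssl-1.0.0.cnf"
    pick_key_config "$tmp" "OpenSSL 1.0.0-fips 29 Mar 2010"; rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Running `check_easy_rsa` in the copied directory prints the path to export as KEY_CONFIG, or the reason none could be chosen.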

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Sun Nov 10, 2019 8:33 pm
by JustSmurfy
This was driving me mad and the fix was fairly simple

Code:

cd /etc/openvpn/easy-rsa
ln -s openssl-1.0.0.cnf openssl.cnf

Source: https://unix.stackexchange.com/a/103603/229547

Re: openssl.cnf not found in easy-rsa/2.0

Posted: Sun Nov 10, 2019 8:42 pm
by TinCanTech
If you are just starting with Easyrsa2, we recommend you move to Easyrsa3

https://github.com/OpenVPN/easy-rsa/releases

If you already have a full PKI under Easyrsa2, there will soon be an upgrade path to Easyrsa3.