Support forum for Easy-RSA certificate management suite.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Fri Nov 12, 2021 9:47 am
Hello,
I'm having a trouble getting EasyRSA 3.0.8 working on Windows 11 dev channel (Windows Insider) with the command '
./easyrsa build-ca nopass'. This is OpenVPN-2.5.4-I604-amd64.msi from
https://openvpn.net/community-downloads/
I follow this 'how to' (tuto) :
https://shebangthedolphins.net/vpn_open ... erver.html
Code: Select all
C:\Program Files\OpenVPN\easy-rsa>EasyRSA-Start.bat
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
Easy-RSA error:
The OpenSSL config file cannot be found.
Expected location: C:/Program Files/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf
EasyRSA Shell
EasyRSA Shell
# cp -iv openssl-easyrsa.cnf "C:/Program Files/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf"
openssl-easyrsa.cnf -> C:/Program Files/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf
EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-15456.a07364/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8C67.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8C67.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-15456.a07364/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8D32.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8D32.tmp
fd = 3
Generating RSA private key, 2048 bit long modulus (2 primes)
.................................+++++
...................................+++++
e is 65537 (0x010001)
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-15456.a07364/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8EF7.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp8EF7.tmp
fd = 3
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:DESKTOP-P2SN4KI
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
C:/Program Files/OpenVPN/easy-rsa/pki/ca.crt
#
Thanks in advance.
Valorisa
Last edited by
valorisa34 on Fri Nov 12, 2021 2:44 pm, edited 3 times in total.
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Fri Nov 12, 2021 10:23 am
Code: Select all
Microsoft Windows [version 10.0.22499.1000]
(c) Microsoft Corporation. Tous droits réservés.
C:\Windows\System32>cd C:\Program Files\OpenVPN\easy-rsa && EasyRSA-Start.bat
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
fd = 3
Generating a RSA private key
......................................................+++++
.....................+++++
writing new private key to 'C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.a01488'
-----
Easy-RSA error:
Unknown cert type 'server'
Easy-RSA error:
Failed to sign 'server'
EasyRSA Shell
Last edited by
valorisa34 on Fri Nov 12, 2021 12:27 pm, edited 1 time in total.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Fri Nov 12, 2021 12:25 pm
You got it working ?
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Fri Nov 12, 2021 12:34 pm
TinCanTech wrote: ↑Fri Nov 12, 2021 12:25 pm
You got it working ?
For the copy of
openssl-easyrsa.cnf in the good location it's ok but now with the command : '
# ./easyrsa build-server-full server nopass' I obtain the error :
Code: Select all
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
fd = 3
Generating a RSA private key
......................................................+++++
.....................+++++
writing new private key to 'C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.a01488'
-----
Easy-RSA error:
Unknown cert type 'server'
Easy-RSA error:
Failed to sign 'server'
EasyRSA Shell
#
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Fri Nov 12, 2021 2:07 pm
OpenVPN-2.5.4-I604-amd64 and
EasyRSA 3.0.8
Code: Select all
EasyRSA Shell
# ./easyrsa --version
EasyRSA Version Information
Version: 3.0.8
Generated: Wed Sep 16 07:52:24 CDT 2020
SSL Lib: OpenSSL 1.1.1l 24 Aug 2021
Git Commit: a9cecc747c419197d9540ccd46259559e271788a
Source Repo: https://github.com/OpenVPN/easy-rsa
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Fri Nov 12, 2021 2:33 pm
valorisa34 wrote: ↑Fri Nov 12, 2021 10:23 am
Code: Select all
Microsoft Windows [version 10.0.22499.1000]
(c) Microsoft Corporation. Tous droits réservés.
C:\Windows\System32>cd C:\Program Files\OpenVPN\easy-rsa && EasyRSA-Start.bat
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD486.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD551.tmp
fd = 3
path = C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpD5FD.tmp
fd = 3
Generating a RSA private key
......................................................+++++
.....................+++++
writing new private key to 'C:/Program Files/OpenVPN/easy-rsa/pki/easy-rsa-14380.a06920/tmp.a01488'
-----
Easy-RSA error:
Unknown cert type 'server'
Easy-RSA error:
Failed to sign 'server'
EasyRSA Shell
Have other people seen this same problem ?
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Fri Nov 12, 2021 3:32 pm
Did you read the links above ?
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Fri Nov 12, 2021 7:21 pm
" Workaround: create a directory with no spaces in the name, eg. C:\temp
In EasyRSA vars use set_var EASYRSA_TEMP_DIR "/temp"
and run build-ca "
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Fri Nov 12, 2021 7:25 pm
Within the EasyRSA Shell ?
Aand if so, how exactly do you do that ?
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Fri Nov 12, 2021 7:29 pm
You should try the other solution ....
Copy ALL of Easy-RSA to C:\EasyRSA3 and run it from there.
And don't do it from within Easy-RSA just use Windblows...
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Fri Nov 12, 2021 8:24 pm
OK I try it and I tell you the result.
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Sat Nov 13, 2021 10:31 am
TinCanTech wrote: ↑Fri Nov 12, 2021 7:29 pm
You should try the other solution ....
Copy ALL of Easy-RSA to C:\EasyRSA3 and run it from there.
And don't do it from within Easy-RSA just use Windblows...
Folders and files copied from 'C:\Program Files\OpenVPN\easy-rsa' to 'C:\EasyRSA3' with the command '
C:\Program Files\OpenVPN\easy-rsa>cp -iRv * "C:\EasyRSA3" '. That's right ?
And now from cmd (with administrator rights) :
'
cd c:\EayRSA3',
'
EasyRSA-Start.bat' and follow the process.
'
# ./easyrsa init-pki'
'
# ./easyrsa build-ca nopass'
'
# ./easyrsa build-server-full server nopass'
'
# ./easyrsa gen-dh'
That's right ?
http://ibb.co/1K48B6z
Last edited by
valorisa34 on Sat Nov 13, 2021 12:03 pm, edited 4 times in total.
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Sat Nov 13, 2021 10:38 am
Code: Select all
C:\>cd EasyRSA3
C:\EasyRSA3>dir
Le volume dans le lecteur C s’appelle Windows 11 Pro
Le numéro de série du volume est 8A79-EF7E
Répertoire de C:\EasyRSA3
13/11/2021 11:09 <DIR> .
13/11/2021 11:09 <DIR> bin
13/11/2021 11:05 5 009 ChangeLog
13/11/2021 11:05 1 256 COPYING.html
13/11/2021 11:05 1 305 COPYING.md
13/11/2021 11:09 <DIR> doc
13/11/2021 11:05 76 946 easyrsa
13/11/2021 11:05 204 EasyRSA-Start.bat
13/11/2021 11:09 <DIR> Licensing
13/11/2021 11:05 0 netsh
13/11/2021 11:05 4 616 openssl-easyrsa.cnf
13/11/2021 11:09 <DIR> pki
13/11/2021 11:05 4 263 README-Windows.txt
13/11/2021 11:05 2 195 README.html
13/11/2021 11:05 3 477 README.quickstart.html
13/11/2021 11:05 8 925 vars.example
13/11/2021 11:09 <DIR> x509-types
11 fichier(s) 108 196 octets
6 Rép(s) 56 666 116 096 octets libres
C:\EasyRSA3>EasyRSA-Start.bat
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
# ./easyrsa init-pki
WARNING!!!
You are about to remove the EASYRSA_PKI at: C:/EasyRSA3/pki
and initialize a fresh PKI here.
Type the word 'yes' to continue, or any other input to abort.
Confirm removal: yes
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: C:/EasyRSA3/pki
EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
Easy-RSA error:
The OpenSSL config file cannot be found.
Expected location: C:/EasyRSA3/pki/openssl-easyrsa.cnf
EasyRSA Shell
# cp /?
cp: missing destination file
Try `cp --help' for more information.
EasyRSA Shell
# cp -iv openssl-easyrsa.cnf " C:/EasyRSA3/pki/openssl-easyrsa.cnf"
openssl-easyrsa.cnf -> C:/EasyRSA3/pki/openssl-easyrsa.cnf
cp: cannot create regular file ` C:/EasyRSA3/pki/openssl-easyrsa.cnf': Invalid argument
EasyRSA Shell
# cp -iv openssl-easyrsa.cnf "C:/EasyRSA3/pki/openssl-easyrsa.cnf"
openssl-easyrsa.cnf -> C:/EasyRSA3/pki/openssl-easyrsa.cnf
EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/EasyRSA3/pki/easy-rsa-4356.a13700/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC264.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC264.tmp
fd = 3
path = C:/EasyRSA3/pki/easy-rsa-4356.a13700/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC32F.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC32F.tmp
fd = 3
Generating RSA private key, 2048 bit long modulus (2 primes)
..........................................................+++++
......................................................................................................................................+++++
e is 65537 (0x010001)
path = C:/EasyRSA3/pki/easy-rsa-4356.a13700/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC533.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpC533.tmp
fd = 3
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
C:/EasyRSA3/pki/ca.crt
EasyRSA Shell
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/EasyRSA3/pki/easy-rsa-10512.a05984/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp211E.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp211E.tmp
fd = 3
path = C:/EasyRSA3/pki/easy-rsa-10512.a05984/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp21D9.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp21D9.tmp
fd = 3
path = C:/EasyRSA3/pki/easy-rsa-10512.a05984/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp22A4.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp22A4.tmp
fd = 3
Generating a RSA private key
..................+++++
...+++++
writing new private key to 'C:/EasyRSA3/pki/easy-rsa-10512.a05984/tmp.a14212'
-----
Easy-RSA error:
Unknown cert type 'server'
Easy-RSA error:
Failed to sign 'server'
EasyRSA Shell
#
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Sat Nov 13, 2021 1:57 pm
What files are in x509-types folder ?
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Sat Nov 13, 2021 4:36 pm
Try this:
- Log off and then login to Windows - Clear all sessions
- Open an Administrator command prompt
-
Use \progra~1\ not \Program Files\
-
-
-
-
What happens ?
-
valorisa34
- OpenVPN User
- Posts: 22
- Joined: Fri Nov 12, 2021 9:39 am
Post
by valorisa34 » Sat Nov 13, 2021 7:11 pm
TinCanTech wrote: ↑Sat Nov 13, 2021 4:36 pm
Try this:
- Log off and then login to Windows - Clear all sessions
- Open an Administrator command prompt
-
Use \progra~1\ not \Program Files\
-
-
-
-
What happens ?
Same result :
Code: Select all
C:\EasyRSA3>cd\
C:\>cd \progra~1\openvpn\easy-rsa
C:\PROGRA~1\OpenVPN\easy-rsa>pwd
/cygdrive/c/PROGRA~1/OpenVPN/easy-rsa
C:\PROGRA~1\OpenVPN\easy-rsa>easyrsa-start.bat
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
# ./easyrsa init-pki
WARNING!!!
You are about to remove the EASYRSA_PKI at: C:/PROGRA~1/OpenVPN/easy-rsa/pki
and initialize a fresh PKI here.
Type the word 'yes' to continue, or any other input to abort.
Confirm removal: yes
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: C:/PROGRA~1/OpenVPN/easy-rsa/pki
EasyRSA Shell
# ./build-ca nopass
bin/sh: ./build-ca: not found
EasyRSA Shell
# pwd
C:/PROGRA~1/OpenVPN/easy-rsa
EasyRSA Shell
# dir
COPYING.html Licensing bin openssl-easyrsa.cnf
COPYING.md README-Windows.txt doc pki
ChangeLog README.html easyrsa vars.example
EasyRSA-Start.bat README.quickstart.html netsh x509-types
EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
Easy-RSA error:
The OpenSSL config file cannot be found.
Expected location: C:/PROGRA~1/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf
EasyRSA Shell
# pwd
C:/PROGRA~1/OpenVPN/easy-rsa
EasyRSA Shell
# ls
COPYING.html README.html openssl-easyrsa.cnf
COPYING.md README.quickstart.html pki
ChangeLog bin vars.example
EasyRSA-Start.bat doc x509-types
Licensing easyrsa
README-Windows.txt netsh
EasyRSA Shell
# cp -iv openssl-easyrsa.cnf "C:/PROGRA~1/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf"
openssl-easyrsa.cnf -> C:/PROGRA~1/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf
EasyRSA Shell
# ./easyrsa build-ca nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-5784.a11832/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpAB63.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpAB63.tmp
fd = 3
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-5784.a11832/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpABFF.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpABFF.tmp
fd = 3
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
..........................................................................+++++
e is 65537 (0x010001)
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-5784.a11832/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmpAD96.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmpAD96.tmp
fd = 3
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
C:/PROGRA~1/OpenVPN/easy-rsa/pki/ca.crt
EasyRSA Shell
# ./easyrsa build-server-full server nopass
Using SSL: openssl OpenSSL 1.1.1l 24 Aug 2021
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-9708.a01780/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp30EF.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp30EF.tmp
fd = 3
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-9708.a01780/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp319A.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp319A.tmp
fd = 3
path = C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-9708.a01780/tmp.XXXXXX
lpPathBuffer = C:\Users\BERTRA~1\AppData\Local\Temp\
szTempName = C:\Users\BERTRA~1\AppData\Local\Temp\tmp3246.tmp
path = C:\Users\BERTRA~1\AppData\Local\Temp\tmp3246.tmp
fd = 3
Generating a RSA private key
.....................+++++
.....................................................................................................................................................+++++
writing new private key to 'C:/PROGRA~1/OpenVPN/easy-rsa/pki/easy-rsa-9708.a01780/tmp.a13424'
-----
Easy-RSA error:
Unknown cert type 'server'
Easy-RSA error:
Failed to sign 'server'
EasyRSA Shell
#
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Sat Nov 13, 2021 7:36 pm
I believe the problem is here (
easyrsa:line 1738):
Code: Select all
# Same as above for the x509-types extensions dir
if [ -d "$EASYRSA_PKI/x509-types" ]; then
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
else
#TODO: This should be removed. Not really suitable for packaging.
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
fi
If you feel confident to edit the source file then replace that(above) with this(below):
Code: Select all
# Same as above for the x509-types extensions dir
if [ -d "$EASYRSA_PKI/x509-types" ]; then
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
elif [ -d "$EASYRSA/x509-types" ]; then
#TODO: This should be removed. Not really suitable for packaging.
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
else
die "Missing x509-types folder"
fi
I have posted a patch here, which you will be testing:
https://github.com/OpenVPN/easy-rsa/pull/466
https://patch-diff.githubusercontent.co ... /466.patch