LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-21-2008, 06:25 AM   #1
chillster
LQ Newbie
 
Registered: Dec 2008
Posts: 1

Rep: Reputation: 0
OpenVPN key generation


Hi,

I have a tricky problem and would appreciate any help i can get.

I have a OpenVPN structure based on PKI, i generate the certificates with the tools that come with OpenVPN(easy-rsa).
I have created a few clientcerts and a couple server certs and everything works fine.

Now to the problem. When i tried to create a new client certificate today with the ./build-key <name> command i get this:

Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.


This is what i would get if i was doing this the first time and creating a new rootcert and so on. This is not what i want to do, if i create a new rootcert i must recreate all my server and clientcerts wich would be a real pain.
What could cause this behavior, the only thing i could think of that has changed is that the CA is located on a virtual machine and i moved it to another folder on the vmware host.

My Questions are. Have all settings been reset somehow? What caused this(so i can avoid it in the future)? And can i solve it somehow so i dont have to recreate all my certs ?

Hope this is understandable, please ask if its unclear.

If anyone have a solution for this or can point me in the right direction i would be very thankful!

Regards
Chillster
 
Old 12-22-2008, 07:21 PM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
i'm not familiar with OpenVPN(easy-rsa) regarding CA and keys but i've seen problems with other distributions/versions that had relative paths in openssl configuration file(s) which caused problems if you did not run the key-gen scripts in the correct directory you'd encounter similar problems...

I made it a habit to set static path(s) in appropriate config file(s) so that i could run the commands/scripts from anywhere and the correct files would be found. for example, an openssl.cnf will typically define dir = . but I'd modify it to be dir = /etc/pki/CA/ (or wherever).

hope this helps.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN client has not default gateway when connect to OpenVPN server sailershen Linux - Security 3 03-04-2010 02:20 AM
gnupg key generation error! gabsik Linux - Security 0 02-28-2008 09:08 PM
Openvpn key system paranoid times Linux - Software 0 02-22-2008 01:52 PM
OpenVPN Question : connecting 5-6 comps with OpenVPN duryodhan Linux - Networking 7 02-15-2007 10:28 PM
Key Generation and Freeradius metallica1973 Linux - Software 1 11-27-2006 08:01 PM


All times are GMT -5. The time now is 07:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration