I have a tricky problem and would appreciate any help I can get.
I have an OpenVPN structure based on PKI; I generate the certificates with the tools that come with OpenVPN (easy-rsa).
I have created a few client certs and a couple server certs and everything works fine.
Now to the problem. When I tried to create a new client certificate today with the ./build-key <name> command I get this:
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
This is what I would get if I was doing this the first time and creating a new root cert and so on. This is not what I want to do; if I create a new root cert I must recreate all my server and client certs, which would be a real pain.
What could cause this behavior? The only thing I could think of that has changed is that the CA is located on a virtual machine and I moved it to another folder on the VMware host.
My questions are: Have all settings been reset somehow? What caused this (so I can avoid it in the future)? And can I solve it somehow so I don't have to recreate all my certs?
Hope this is understandable, please ask if it's unclear.
If anyone has a solution for this or can point me in the right direction I would be very thankful!
I'm not familiar with OpenVPN (easy-rsa) regarding CA and keys, but I've seen problems with other distributions/versions that had relative paths in openssl configuration file(s) which caused problems if you did not run the key-gen scripts in the correct directory you'd encounter similar problems...
I made it a habit to set static path(s) in appropriate config file(s) so that I could run the commands/scripts from anywhere and the correct files would be found. For example, an openssl.cnf will typically define dir = . but I'd modify it to be dir = /etc/pki/CA/ (or wherever).
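A check for the relative-path habit described in the reply above, as an added example that is not part of the thread: it lists path settings in an openssl.cnf-style file that resolve against the working directory, or that read an environment variable (OpenSSL's `$ENV::NAME` syntax) which is not set in the current shell. The function names, the `PATH_KEYS` list, the sample config and the variable `EXAMPLE_CA_DIR_UNSET` are assumptions made for illustration.

```shell
# Added example (not from the thread): flag cwd- or environment-dependent paths.
# Keys that hold filesystem paths in a typical CA section (assumed list).
PATH_KEYS='dir certs crl_dir database new_certs_dir certificate serial crl private_key RANDFILE'

# check_conf FILE -> one finding per line:
#   relative:KEY=VALUE   value resolves against the working directory
#   env-unset:KEY=NAME   value starts with $ENV::NAME and NAME is not set
# Values starting with "/" are absolute; other "$var" values (e.g. $dir/certs)
# inherit from the key they reference, so only that key is reported.
check_conf() {
    awk -v keys="$PATH_KEYS" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        {
            line = $0
            sub(/#.*/, "", line)                 # strip comments
            eq = index(line, "=")
            if (eq == 0) next                    # section header or blank line
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (!(key in want) || val == "") next
            if (match(val, /^\$ENV::[A-Za-z_][A-Za-z0-9_]*/)) {
                name = substr(val, 7, RLENGTH - 6)   # text after "$ENV::"
                if (!(name in ENVIRON)) print "env-unset:" key "=" name
            } else if (val !~ /^\// && val !~ /^\$/) {
                print "relative:" key "=" val
            }
        }
    ' "$1"
}

# Constructed sample config, written to a temp file; prints the file name.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[ CA_default ]
dir           = .                  # depends on where the script is run
certs         = $dir/certs         # inherits from dir
database      = index.txt
private_key   = /etc/pki/CA/private/ca.key
RANDFILE      = $ENV::EXAMPLE_CA_DIR_UNSET/.rand
EOF
    echo "$f"
}

sample=$(make_sample) && check_conf "$sample"
rm -f "$sample"
```

An empty result means every listed path is either absolute or derived from a key that is.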