Old 12-21-2008, 07:25 AM   #1
LQ Newbie
Registered: Dec 2008
Posts: 1

Rep: Reputation: 0
OpenVPN key generation


I have a tricky problem and would appreciate any help I can get.

I have an OpenVPN structure based on PKI; I generate the certificates with the tools that come with OpenVPN (easy-rsa).
I have created a few client certs and a couple of server certs and everything works fine.

Now to the problem. When I tried to create a new client certificate today with the ./build-key <name> command, I get this:

Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.

This is what I would get if I were doing this for the first time and creating a new root cert and so on. This is not what I want to do; if I create a new root cert I must recreate all my server and client certs, which would be a real pain.
What could cause this behavior? The only thing I could think of that has changed is that the CA is located on a virtual machine and I moved it to another folder on the VMware host.

My questions are: Have all settings been reset somehow? What caused this (so I can avoid it in the future)? And can I solve it somehow so I don't have to recreate all my certs?

Hope this is understandable; please ask if it's unclear.

If anyone has a solution for this or can point me in the right direction, I would be very thankful!

Old 12-22-2008, 08:21 PM   #2
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 488

Rep: Reputation: 78
I'm not familiar with OpenVPN (easy-rsa) regarding CA and keys, but I've seen problems with other distributions/versions that had relative paths in the openssl configuration file(s), which caused problems: if you did not run the key-gen scripts in the correct directory, you'd encounter similar problems...

I made it a habit to set static path(s) in the appropriate config file(s) so that I could run the commands/scripts from anywhere and the correct files would be found. For example, an openssl.cnf will typically define dir = . but I'd modify it to be dir = /etc/pki/CA/ (or wherever).

Hope this helps.
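
One way to check, before running ./build-key, that the current shell still points at the existing CA, so nothing has to be rebuilt with ./clean-all. This is an added example, not part of the original posts: it assumes the easy-rsa 2.x layout, where the vars script exports KEY_DIR and KEY_CONFIG and the CA state (ca.crt, ca.key, index.txt, serial) lives in $KEY_DIR, and the function name check_pki_env is hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for an easy-rsa 2.x style PKI.
# Assumptions: "vars" exports KEY_DIR and KEY_CONFIG, and the CA files
# ca.crt, ca.key, index.txt and serial are kept in $KEY_DIR.

# Print every problem found. Return 0 only when the environment points at an
# existing CA through absolute paths, so the result does not depend on the
# directory the scripts are started from.
check_pki_env() {
    rc=0
    for var in KEY_DIR KEY_CONFIG; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "unset: $var (vars not sourced in this shell?)"
            rc=1
            continue
        fi
        case "$val" in
            /*) ;;  # absolute path: fine
            *)  echo "relative path in $var: $val"; rc=1 ;;
        esac
    done
    # Without KEY_DIR there is nothing further to inspect.
    [ -n "${KEY_DIR:-}" ] || return "$rc"
    # CA certificate, CA private key and serial counter must have content.
    for f in ca.crt ca.key serial; do
        if [ ! -s "$KEY_DIR/$f" ]; then
            echo "missing or empty: $KEY_DIR/$f"
            rc=1
        fi
    done
    # The certificate database may legitimately be empty, but must exist.
    if [ ! -f "$KEY_DIR/index.txt" ]; then
        echo "missing: $KEY_DIR/index.txt"
        rc=1
    fi
    if [ -n "${KEY_CONFIG:-}" ] && [ ! -r "$KEY_CONFIG" ]; then
        echo "unreadable openssl config: $KEY_CONFIG"
        rc=1
    fi
    return "$rc"
}

# Usage: run in the shell that will call ./build-key, after "source ./vars".
check_pki_env || echo "PKI environment incomplete: fix it before signing; do not run ./clean-all"
```

A clean result means new client certificates will be signed by the existing CA; any reported line should be resolved first, since ./clean-all deletes the keys directory contents.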