New error.. this one is related to the definition
of the KEY_DIR.

If I just make the key_dir in vars read:  
set KEY_DIR=C:\OpenVPN\easy-rsa\keys 

I get the following error:

Error opening CA private key C:\OpenVPN\easy-rsa\keysca.key
596:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:278:fopen('C:\OpenVPN\easy-rsa\keysca.key','rb')
596:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:280:
unable to load CA private key

If I copy the ca.key as keysca.key, along with the other files
(keysindex, keysca.key, etc.),
into the next dir up (c:\openvpn\easy-rsa), I can create the server key
successfully.

So somewhere there is some kind of problem with the key_dir variable.
It's not inserting the backslash after the KEY_DIR definition.
If I put in a backslash, it errors out completely.


I'm not sure if it's in the openssl.cnf or vars.bat

My VARS.BAT:
=====<snip>==========================================
@echo off
set HOME=C:\OpenVPN\easy-rsa
set KEY_CONFIG=C:\OpenVPN\easy-rsa\openssl.cnf

set KEY_DIR=C:\OpenVPN\easy-rsa\keys

set KEY_SIZE=1024
set KEY_COUNTRY=US
set KEY_PROVINCE=PA
set KEY_CITY=Bensalem
set KEY_ORG=company
set [EMAIL PROTECTED]
======<snip>=========================================

The suspect section of Openssl.cnf:
======<snip>==========================================
HOME                    = .
RANDFILE                = $ENV::HOME/.rnd

oid_section             = new_oids
[ new_oids ]
####################################################################
[ ca ]
default_ca      = CA_default            # The default ca section

####################################################################
[ CA_default ]

dir             = $ENV::KEY_DIR         # Where everything is kept
certs           = $dir                  # Where the issued certs are kept
crl_dir         = $dir                  # Where the issued crl are kept
database        = $dir\index.txt        # database index file.
new_certs_dir   = $dir                  # default place for new certs.

certificate     = $dir\ca.crt           # The CA certificate
serial          = $dir\serial           # The current serial number
crl             = $dir\crl.pem          # The current CRL
private_key     = $dir\ca.key           # The private key
RANDFILE        = $dir\.rand            # private random number file

x509_extensions = usr_cert              # The extensions to add to the cert
=====<snip>===================================================================

Somehow the KEY_DIR is not getting the backslash inserted, or, where the
name of the key to use is given, the backslash is missing. I'm really not
sure why it's not working.



-=Jeff Gross=-
Tucker Industries
3170 Tucker Road
Bensalem, PA 19020
* 215-638-1900 [phone]
* 215-638-3477 [fax]
* 267-496-0350 [cell]
www.tuckerind.com
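
Added example, not part of the original message: in openssl.cnf a backslash inside a value is an escape character, so `$dir\ca.key` loses its separator and resolves to the `keysca.key` path shown in the error. The Python below is a simplified model of that value parsing (not OpenSSL's code; `expand` and `resolve` are hypothetical names), run on the post's KEY_DIR and on two alternative spellings of the separator.

```python
import re

# Constructed sample: KEY_DIR as set in the post's vars.bat.
KEY_DIR = r"C:\OpenVPN\easy-rsa\keys"

# Escape sequences the config syntax recognises; any other escaped
# character is kept as-is and the backslash itself is dropped.
ESCAPES = {"n": "\n", "r": "\r", "b": "\b", "t": "\t"}

# $name or $ENV::name; the name ends at the first non-word character,
# so in "$dir\ca.key" the variable is "dir" and "\c" is parsed next.
VAR = re.compile(r"\$(?:ENV::)?(\w+)")


def expand(value, variables):
    """Simplified model of config value parsing (assumption, not OpenSSL code)."""
    out, i = [], 0
    while i < len(value):
        ch = value[i]
        m = VAR.match(value, i) if ch == "$" else None
        if ch == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            out.append(ESCAPES.get(nxt, nxt))  # backslash consumed here
            i += 2
        elif m:
            out.append(variables[m.group(1)])  # substituted verbatim
            i = m.end()
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def resolve(spec):
    """Resolve one [ CA_default ] value the way the post's config defines dir."""
    variables = {"KEY_DIR": KEY_DIR}
    variables["dir"] = expand("$ENV::KEY_DIR", variables)
    return expand(spec, variables)


if __name__ == "__main__":
    # First three are written as in the post; the last two are the
    # doubled-backslash and forward-slash spellings for comparison.
    for spec in (r"$dir\ca.key", r"$dir\index.txt", r"$dir\serial",
                 r"$dir\\ca.key", "$dir/ca.key"):
        print(f"{spec:18} -> {resolve(spec)}")
```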
