Hello community,

I have a problem with the creation of certificates through a self-written web-frontend.

The situation: I want to create more secure access to our network with openvpn. So far the connection via openvpn and the manual creation of certificates and keys work as expected. OpenVPN uses easy-rsa in version 2.0 to create the certificates. To provide a simpler administration interface I have written a web-frontend for our supervisors to easily create and revoke certificates. The interface is written in PHP5 and uses a local TCP/IP socket to communicate with the script responsible for the creation of certificates. The xinetd superserver provides access to the bash script over TCP/IP.

When I call the bash script as root from the command line everything works fine. I can also call the bash script via sudo from the command line with no problems. When I call the bash script via the web-frontend I get the following error message:

    18178:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:334:

I googled the whole last week for that problem and found only sites that claim this is a bug in openssl. Mostly this was related to sudo with versions of openssl earlier than 0.9.8o-4squeeze1 for debian6 users, as described here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397730 . I already updated my debian5 to debian6 and checked the version of openssl to be at least 0.9.8o. Unfortunately the error still occurs. When the error occurs neither a .crt nor a .csr file is created by the script.

As far as I can tell this is related to the .rand file, which is in some way not accessible by the script when called via the web-frontend. I made sure that this file exists and the absolute path is known by the script, but for some reason it seems that the script doesn't find it when called via the web-frontend. I also tried to call the script from a non-privileged user account. I get completely different error messages, which I did expect, so I guess it is not a permissions problem of the web-frontend.

Any further hints?

Thanks in advance and best regards
Benjamin Kiepke
