Hi Johan,

Johan Vermeulen wrote:
> Dear All,
>
> since a long time we have an Openvpn-server, now on Centos6,
> originally setup on OpenSuse
>
> [root@caw-server1 2.0]# rpm -qa openvpn
> openvpn-2.3.1-3.el6.x86_64
>
> It is very reliable, and my only activity on it, is generate new client
> keys.
>
> Not sure what happened -- a ./clean-all could have been run on it -- but
> since last week, I'm unable to generate new client keys.
>
> [root@caw-server1 2.0]# source ./vars
> NOTE: If you run ./clean-all, I will be doing a rm -rf on
> /usr/share/openvpn/easy-rsa/2.0/keys
> [root@caw-server1 2.0]# ./build-key testjohan
> pkitool: Need a readable ca.crt and ca.key in
> /usr/share/openvpn/easy-rsa/2.0/keys
> Try pkitool --initca to build a root certificate/key.
>

Look inside the directory /usr/share/openvpn/easy-rsa/2.0/keys and see if you can find a ca.crt and ca.key file there; you can post an 'ls -l' if you like. If they are not there then a './clean-all' was run most likely. I hope you have a backup somewhere :)

> The EM is straightforward enough, but I'm unsure on how to proceed.
>
> As far as I can tell the important files are in /etc/pki/tls/certs/ :
> [root@caw-server1 certs]# ls
> ca-bundle.crt ca-bundle.trust.crt ca.pem make-dummy-cert Makefile
> servercert.pem serverkey.pem slapd.pem
>
> as is reflected in /etc/openvpn/server.conf :
>
> ca /etc/pki/tls/certs/ca.pem
> cert /etc/pki/tls/certs/servercert.pem
> key /etc/pki/tls/certs/serverkey.pem
>

These are the keys used for openvpn ; key management (generation) is separated from key usage by OpenVPN; the ca.pem and servercert+serverkey are not sufficient to generate new client keys. You will need a ca.crt (or ca.pem) and ca.key file for that.

HTH,

JJK

PS The openssl version does not matter in this case, as CentOS 6 is new enough; you could/should consider upgrading to 6.5 , however.
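
The check the reply asks for, as an added example that is not part of the original message: a shell function that confirms ca.crt and ca.key are present in the easy-rsa keys directory, that the key belongs to the certificate, and that a ca.crt restored from backup is the same CA the server trusts. The function name and return codes are this example's own convention; the paths in the comments are the ones quoted in the thread.

```shell
# Added example: verify that an easy-rsa keys directory holds the CA that the
# running OpenVPN server trusts. Return codes (this example's own convention):
#   0 ok                         1 ca.key does not belong to ca.crt
#   2 ca.crt or ca.key missing   3 openssl could not read a file
#   4 ca.crt is a different CA than the one the server uses
check_easyrsa_ca() {
    keys_dir=$1     # e.g. /usr/share/openvpn/easy-rsa/2.0/keys
    server_ca=$2    # e.g. /etc/pki/tls/certs/ca.pem (the "ca" line in server.conf)

    # pkitool refuses to sign without both files, so check for them first.
    for f in "$keys_dir/ca.crt" "$keys_dir/ca.key"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 2
        fi
    done

    # Public key embedded in the CA certificate vs. the one derived from ca.key.
    # "-passin pass:" keeps openssl from prompting if the key is encrypted.
    cert_pub=$(openssl x509 -in "$keys_dir/ca.crt" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$keys_dir/ca.key" -pubout -passin pass: 2>/dev/null) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "ca.key does not belong to ca.crt" >&2
        return 1
    fi

    # The server only accepts client certificates signed by the CA it trusts,
    # so a restored ca.crt must be the same certificate as the server's ca file.
    fp_keys=$(openssl x509 -in "$keys_dir/ca.crt" -noout -fingerprint -sha256 2>/dev/null) || return 3
    fp_srv=$(openssl x509 -in "$server_ca" -noout -fingerprint -sha256 2>/dev/null) || return 3
    if [ "$fp_keys" != "$fp_srv" ]; then
        echo "ca.crt is not the CA configured for the server" >&2
        return 4
    fi
    return 0
}
```

A return code of 4 is the case to watch for after a `./clean-all` followed by `pkitool --initca`: the new CA signs client certificates without complaint, but the existing server will reject them.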