Comments (11)
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
# openssl dgst -sha256 ./easyrsa
SHA2-256(./easyrsa)= ecb827bbda82a2832fed8c7ac0e632c1f03fdb99ec5fd1409431245ae71cfc8a
from easy-rsa.
@Ceejus Thank you for this report.
I cannot replicate the problem here.
For testing, does `./easyrsa help` work?
Also, after running (and failing to complete) `init-pki`, is the `pki` directory created with the sub-directories of `private`, `reqs` and `inline`?
If the `pki` is created, can you try to build the CA: `./easyrsa --npass build-ca`.
Also, try copying the file `openssl-easyrsa.cnf` to the `pki` manually and then try to build the CA again.
from easy-rsa.
Thanks.
Yes, `./easyrsa help` does work.
No, the `pki` sub-directory isn't created. Should I create this folder manually?
from easy-rsa.
Try using the `--verbose` option: `./easyrsa --verbose init-pki`
from easy-rsa.
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
# ./easyrsa --verbose init-pki
> source_vars: EASYRSA_NO_VARS
> Using Windows-System-Folders for your PKI is NOT SECURE!
Your Easy-RSA PKI CA Private Key is WORLD readable.
To correct this problem, it is recommended that you either:
* Copy Easy-RSA to your User folders and run it from there, OR
* Define your PKI to be in your User folders. EG:
'easyrsa --pki-dir="C:/Users/<your-user-name>/easy-rsa/pki" <command>'
> mutual_exclusions: COMPLETED
> install_data_to_pki: x509-types-only - COMPLETED
> verify_working_env: COMPLETED
./easyrsa[7439]: cannot create C:/Program Files/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf: Input/output error
Easy-RSA error:
install_data_to_pki - Missing: 'openssl-easyrsa.cnf'
EasyRSA Version Information
Version: 3.1.7
Generated: Fri Oct 13 17:27:53 CDT 2023
SSL Lib: OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)
Git Commit: 3c233d279d43e419b0529411ee62bba7a08f0c0f
Source Repo: https://github.com/OpenVPN/easy-rsa
Host: 3.1.7 | win | @(#)MIRBSD KSH R39-w32-beta14 $Date: 2013/06/28 21:28:57 $ |
> Exit: Final Fail = true
from easy-rsa.
Please try this command:
openssl dgst -sha256 ./easyrsa
from easy-rsa.
Please try this:
* Copy Easy-RSA to your User folders and run it from there
The problem is that Windows is being too secure.
Either use run-as-admin `easy-rsa/EasyRSA-Start.bat`, or copy the `easy-rsa/` folder to your home directory and run it from there.
from easy-rsa.
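The fix suggested above, sketched in PowerShell as an added example (not part of the original thread or the Easy-RSA project): it copies Easy-RSA out of the install directory shown in the error log and reports any ACL entry that lets a broad group read a path. The per-user destination and the `pki\private\ca.key` location are assumptions.

```powershell
$Source = 'C:\Program Files\OpenVPN\easy-rsa'    # install path from the error log
$Dest   = Join-Path $env:USERPROFILE 'easy-rsa'  # assumed per-user destination

# Copy Easy-RSA into the user profile so init-pki can create its pki directory
# without elevation; the copy inherits the profile's ACL, not Program Files'.
if (-not (Test-Path -LiteralPath $Dest)) {
    Copy-Item -LiteralPath $Source -Destination $Dest -Recurse
}

function Get-BroadReadAccess {
    # Return the Allow entries that let a broad group read the given path.
    param([Parameter(Mandatory)][string]$Path)

    $broadSids = @(
        'S-1-1-0',       # Everyone
        'S-1-5-11',      # Authenticated Users
        'S-1-5-32-545'   # BUILTIN\Users
    )
    $readBit = [System.Security.AccessControl.FileSystemRights]::ReadData

    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        # Compare by SID so localized group names do not hide a match.
        $sid = try {
            $_.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { $null }

        $_.AccessControlType -eq 'Allow' -and
        ($broadSids -contains $sid) -and
        (($_.FileSystemRights -band $readBit) -ne 0)
    }
}

# The install directory is expected to list BUILTIN\Users here, which is what
# the "WORLD readable" warning in the verbose output refers to.
Get-BroadReadAccess -Path $Source |
    Format-Table IdentityReference, FileSystemRights, IsInherited

# After running EasyRSA-Start.bat from $Dest and building the CA, check the key.
$caKey = Join-Path $Dest 'pki\private\ca.key'    # assumed default CA key path
if (Test-Path -LiteralPath $caKey) {
    $findings = @(Get-BroadReadAccess -Path $caKey)
    if ($findings.Count -eq 0) { "OK: no broad group can read $caKey" }
    else { $findings | Format-Table IdentityReference, FileSystemRights, IsInherited }
}
```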
That worked. I saw the suggestion in a lot of different threads and should have just tried that from the get-go, but the specific error message I was getting didn't seem to indicate it had anything to do with Windows (or Winblows as it's known as on here) security, so I assumed I would just run into the same issue.
Quick question while we're on the topic though: would it be more secure to run EasyRSA on an external SSD and perform this process on it as opposed to my C: drive?
from easy-rsa.
Thanks for testing.
In fact, Windblows is causing `mkdir -p foo` to behave in the exact opposite manner to that described in the manual.
from easy-rsa.
> Quick question while we're on the topic though: would it be more secure to run EasyRSA on an external SSD and perform this process on it as opposed to my C: drive?

All certificates are public.
All keys are private.
The CA key is paramount.
How you prefer to secure your data is your decision.
I am not suitably qualified to advise on such broad topics.
The OpenVPN-Users mailing list is the recommended place to ask.
from easy-rsa.