Comments (11)
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
# openssl dgst -sha256 ./easyrsa
SHA2-256(./easyrsa)= ecb827bbda82a2832fed8c7ac0e632c1f03fdb99ec5fd1409431245ae71cfc8a
from easy-rsa.
@Ceejus Thank you for this report.
I cannot replicate the problem here.
For testing, does ./easyrsa help
work ?
Also, after running (and failing to complete) init-pki
, is the pki
directory created with the sub-directories of private
, reqs
and inline
?
If the pki
is created, can you try to build the CA: ./easyrsa --npass build-ca
.
Also, try copying the file openssl-easyrsa.cnf
to the pki
manually and then try to build the CA again.
from easy-rsa.
Thanks.
Yes, ./easyrsa help
does work.
No, the pki
sub-directory isn't created. Should I create this folder manually?
from easy-rsa.
Try using the --verbose
option: ./easyrsa --verbose init-pki
from easy-rsa.
Welcome to the EasyRSA 3 Shell for Windows.
Easy-RSA 3 is available under a GNU GPLv2 license.
Invoke './easyrsa' to call the program. Without commands, help is displayed.
EasyRSA Shell
# ./easyrsa --verbose init-pki
> source_vars: EASYRSA_NO_VARS
> Using Windows-System-Folders for your PKI is NOT SECURE!
Your Easy-RSA PKI CA Private Key is WORLD readable.
To correct this problem, it is recommended that you either:
* Copy Easy-RSA to your User folders and run it from there, OR
* Define your PKI to be in your User folders. EG:
'easyrsa --pki-dir="C:/Users/<your-user-name>/easy-rsa/pki" <command>'
> mutual_exclusions: COMPLETED
> install_data_to_pki: x509-types-only - COMPLETED
> verify_working_env: COMPLETED
./easyrsa[7439]: cannot create C:/Program Files/OpenVPN/easy-rsa/pki/openssl-easyrsa.cnf: Input/output error
Easy-RSA error:
install_data_to_pki - Missing: 'openssl-easyrsa.cnf'
EasyRSA Version Information
Version: 3.1.7
Generated: Fri Oct 13 17:27:53 CDT 2023
SSL Lib: OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)
Git Commit: 3c233d279d43e419b0529411ee62bba7a08f0c0f
Source Repo: https://github.com/OpenVPN/easy-rsa
Host: 3.1.7 | win | @(#)MIRBSD KSH R39-w32-beta14 $Date: 2013/06/28 21:28:57 $ |
> Exit: Final Fail = true
from easy-rsa.
Please try this command:
openssl dgst -sha256 ./easyrsa
from easy-rsa.
Please try this:
* Copy Easy-RSA to your User folders and run it from there
The problem is that Windows is being too secure.
Either use run-as-admin
easy-rsa/EasyRSA-Start.bat
, or copy easy-rsa/
folder to your home directory and run it from there.
from easy-rsa.
That worked. I saw the suggestion in a lot of different threads and should have just tried that from the get-go but the specific error message I was getting didn't seem to indicate it had anything to do with Windows (or Winblows as it's known as on here) security so I assumed I would just run into the same issue.
Quick question while we're on the topic though: would it more secure to run EasyRSA on an external SSD and perform this process on it as opposed to my C: drive?
from easy-rsa.
Thanks for testing.
In fact, Windblows is causing mkdir -p foo
to behave in the exact opposite manner to that described in the manual.
from easy-rsa.
Quick question while we're on the topic though: would it more secure to run EasyRSA on an external SSD and perform this process on it as opposed to my C: drive?
All certificates are public.
All keys are private.
The CA key is paramount.
How you prefer to secure your data is your decision.
I am not suitably qualified to advise on such broad topics.
The OpenVPN-Users mailing list is the recommended place to ask.
from easy-rsa.
from easy-rsa.
Related Issues (20)
- Add CA certificate to expiry report `show-expire`
- Revert changes made for Windows 10/11 `mkdir -p` failure
- `dev/easyrsa-tools.lib` missing in release build HOT 1
- mandatory SAN HOT 16
- EasyRSA Behavior Change - 3.0.8 - 3.2.0 - EASYRSA_REQ_CN / --req-cn /--subject-alt-name HOT 18
- LibreSSL: `build-*-full` uses an incorrect SSL config file HOT 1
- UT failure from `easyrsa-tools.lib` for command `show-expire`
- Importing the CA certificates for OpenVPN clients and internal domains. HOT 1
- Outline use and expansion of `openssl-easyrsa.cnf` HOT 1
- Windows 7: `gen-crl` always prompts for over-write
- `display_dn()`: Remove unnecessary subshell
- `sign-req`: `--cop-ext` is removed by `--force-safe-ssl`
- Command `write`: Allow to specify target file instead of directory
- Use of `revoke` when `revoke-expired` is intended
- one location HOT 1
- Command `revoke` must not move key and request files
- `gen-req` overwrites an existing request without confirmation
- Need Guide for Upgrading 3.0.8 to 3.1.1 HOT 1
- Understanding how to renew/revoke HOT 2
- subjectAltName should be mandatory HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easy-rsa.