Many thanks for the answer. The dir has write privileges for all groups. After setting echo 1, I now encounter this error just after this command:

openssl ca -batch -days 3650 -out "/etc/openvpn/keys/SERVER.crt" -in "/etc/openvpn/keys/SERVER.csr" -extensions server -md sha1 -config "/etc/openvpn/openssl.cnf"
error while loading serial number
12160:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/openvpn/keys/serial','r')

-------- Original Message --------
From: Kyle Hamilton <aerow...@gmail.com>
Reply-to: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: index.txt: library:fopen:No such file or directory ...index.txt when generate csr key.
Date: Sun, 3 May 2009 17:06:14 -0700

You need to "mkdir -p /etc/openvpn/keys; echo 1 > /etc/openvpn/keys/index.txt". This needs to be done as root.

Otherwise, you need to change the "dir=/etc/openvpn/keys" line to a directory that you have write access to, then 'echo 1 > index.txt' in that directory.

-Kyle H

On Sun, May 3, 2009 at 2:52 PM, David Touzeau <da...@touzeau.eu> wrote:
> Dear
> I'm trying to generate openvpn keys.
>
> Sequences:
>
> openssl req -batch -days 3650 -nodes -new -newkey rsa:1024 -sha1 -x509
> -keyout "/etc/openvpn/keys/ca.key" -out "/etc/openvpn/keys/ca.crt" -config
> /etc/openvpn/openssl.cnf
>
> openssl req -batch -days 3650 -nodes -new -newkey rsa:1024 -keyout -out
> "/etc/openvpn/keys/SERVER.csr" -extensions server -config
> "/etc/openvpn/openssl.cnf"
>
> openssl ca -batch -days 3650 -out "/etc/openvpn/keys/SERVER.crt" -in
> "/etc/openvpn/keys/SERVER.csr" -extensions server -md sha1 -config
> "/etc/openvpn/openssl.cnf"
>
> Using configuration from /etc/openvpn/openssl.cnf
> /etc/openvpn/keys/index.txt: No such file or directory
> unable to open '/etc/openvpn/keys/index.txt'
> 9811:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:352:fopen('/etc/openvpn/keys/index.txt','r')
> 9811:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
>
> Did I miss something?
>
> Here is the openssl.cnf:
>
> HOME= .
> RANDFILE= /root/.rnd
> openssl_conf= openssl_init
>
> [ openssl_init ]
> oid_section= new_oids
> engines = engine_section
> [ new_oids ]
> [ ca ]
> default_ca= CA_default
> [ CA_default ]
>
> dir= /etc/openvpn/keys
> certs= $dir # Where the issued certs are kept
> crl_dir= $dir # Where the issued crl are kept
> database= $dir/index.txt # database index file.
> new_certs_dir= $dir # default place for new certs.
> certificate= $dir/ca.crt # The CA certificate
> serial= $dir/serial # The current serial number
> crl= $dir/crl.pem # The current CRL
> private_key= $dir/ca.key # The private key
> RANDFILE= $dir/.rand # private random number file
>
> x509_extensions= usr_cert # The extentions to add to the cert
> default_days= 3650 # how long to certify for
> default_crl_days= 30 # how long before next CRL
> default_md= md5 # which md to use.
> preserve= no # keep passed DN ordering
> policy= policy_anything
>
> [ policy_match ]
> countryName= match
> stateOrProvinceName= match
> organizationName= match
> organizationalUnitName= optional
> commonName= supplied
> emailAddress= optional
> [ policy_anything ]
> countryName= optional
> stateOrProvinceName= optional
> localityName= optional
> organizationName= optional
> organizationalUnitName= optional
> commonName= supplied
> emailAddress= optional
> [ req ]
> default_bits= 1024
> default_keyfile = privkey.pem
> distinguished_name= req_distinguished_name
> attributes= req_attributes
> x509_extensions= v3_ca
>
> # Passwords for private keys if not present they will be prompted for
> # input_password= secret
> # output_password= secret
> string_mask= nombstr
>
> [ req_distinguished_name ]
> countryName= Country Name (2 letter code)
> countryName_default= US
> countryName_min= 2
> countryName_max= 2
> stateOrProvinceName= State or Province Name (full name)
> stateOrProvinceName_default= New York
> localityName= Locality Name (eg, city)
> localityName_default= New York
> 0.organizationName= Organization Name (eg, company)
> 0.organizationName_default= Organization
> organizationalUnitName= Organizational Unit Name (eg, section)
> commonName= Common Name (eg, your name or your server\'s hostname)
> commonName_max= 64
> emailAddress= Email Address
> emailAddress_default= yourm...@localhost.localdomain
> emailAddress_max= 40
> organizationalUnitName_default= Organization
> commonName_default= Organization CA
> [ req_attributes ]
> challengePassword= A challenge password
> challengePassword_min= 4
> challengePassword_max= 20
> unstructuredName= An optional company name
>
> [ usr_cert ]
> basicConstraints=CA:FALSE
> nsComment= "Easy-RSA Generated Certificate"
> subjectKeyIdentifier=hash
> authorityKeyIdentifier=keyid,issuer:always
> extendedKeyUsage=clientAuth
> keyUsage= digitalSignature
> [ server ]
> basicConstraints=CA:FALSE
> nsCertType= server
> nsComment= "Easy-RSA Generated Server Certificate"
> subjectKeyIdentifier=hash
> authorityKeyIdentifier=keyid,issuer:always
> extendedKeyUsage=serverAuth
> keyUsage= digitalSignature, keyEncipherment
>
> [ v3_req ]
> basicConstraints= CA:FALSE
> keyUsage= nonRepudiation, digitalSignature, keyEncipherment
> [ v3_ca ]
> subjectKeyIdentifier=hash
> authorityKeyIdentifier=keyid:always,issuer:always
> basicConstraints= CA:true
> [ crl_ext ]
> authorityKeyIdentifier=keyid:always,issuer:always
>
> [ engine_section ]
> [ pkcs11_section ]
> engine_id= pkcs11
> dynamic_path= /usr/lib/engines/engine_pkcs11.so
> MODULE_PATH= dummy
> PIN= dummy
> init= 0
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
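
Added example, not part of the thread: "openssl ca" reads several paths from the [ CA_default ] section of its config and stops with an fopen error, as in the messages above, when one of them is absent. The script below resolves those paths from a config file, reports which ones are missing, and can create the two bookkeeping files a new CA starts with (an empty index and a serial file holding the hex number 01); the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the thread): check the files `openssl ca` reads
# from [ CA_default ] before signing, and create the two bookkeeping files.

# ca_value CONF KEY: KEY's value in [ CA_default ], comment stripped, $dir expanded.
ca_value() {
    awk -v key="$2" '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[[ \t]*CA_default[ \t]*\]/); next }
        !insec { next }
        {
            line = $0; sub(/[ \t]*#.*$/, "", line)
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "dir") dir = v
            if (k == key) { gsub(/\$dir/, dir, v); print v; exit }
        }' "$1"
}

# ca_preflight CONF: print one line per problem; return 0 only if there are none.
ca_preflight() {
    rc=0
    for key in new_certs_dir database serial certificate private_key; do
        path=$(ca_value "$1" "$key")
        if [ -z "$path" ]; then echo "unset $key"; rc=1
        elif [ "$key" = new_certs_dir ]; then
            [ -d "$path" ] || { echo "missing $key $path"; rc=1; }
        elif [ ! -f "$path" ]; then echo "missing $key $path"; rc=1
        elif [ "$key" = serial ] && ! grep -Eq '^[0-9A-Fa-f]+$' "$path"; then
            echo "invalid serial $path (expected a hex number such as 01)"; rc=1
        fi
    done
    return $rc
}

# ca_init CONF: create an empty index and a serial file holding 01, never
# overwriting existing ones. umask 077 because the directory also holds ca.key.
ca_init() (
    umask 077
    db=$(ca_value "$1" database); ser=$(ca_value "$1" serial)
    mkdir -p "$(ca_value "$1" new_certs_dir)"
    [ -e "$db" ] || : > "$db"
    [ -e "$ser" ] || echo 01 > "$ser"
)

# Usage: sh ca_preflight.sh /etc/openvpn/openssl.cnf
if [ "$#" -gt 0 ]; then ca_preflight "$1"; fi
```
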