[Openvpn-users] Easy-RSA: Generate Signing Requests on Same PKI

Tue, 29 Apr 2014 12:49:09 -0700 

Hi,




I’m trying to setup a scenario where I have a CA on some server and I’d like to 
generate requests and sign them on that same server. I can make this work to 
init the pki, build the CA, and generate one server certificate, like so:




./easyrsa init-pki
./easyrsa build-ca nopass


./easyrsa gen-req $HOSTNAME nopass
./easyrsa sign-req server $HOSTNAME




However when I try to more certificates (client in that case), I get an error:




userName=$1

./easyrsa gen-req $userName nopass # this works

./easyrsa sign-req client $userName # this doesn’t




The sign-req action fails when I execute it:




[root@vps93298 easyrsa3]# ./easyrsa sign-req client zobi
Using configuration from /home/easyrsa/easy-rsa/easyrsa3/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'FR'
stateOrProvinceName   :PRINTABLE:'IDF'
localityName          :PRINTABLE:'Paris'
organizationName      :PRINTABLE:'Something'
organizationalUnitName:PRINTABLE:'Private Signing Authority'
commonName            :PRINTABLE:'vps93298.somedomain.io'
emailAddress          :IA5STRING:'ad...@somedomain.io'
Certificate is to be certified until Apr 26 16:46:10 2024 GMT (3650 days)
failed to update database
TXT_DB error number 2




Easy-RSA error:




signing failed (openssl output above may have more detail)
[root@vps93298 easyrsa3]#




Is this not supported? I realize that the documentation says that signing 
requests are done on another system (or pki path I reckon) but it would be very 
useful to me to get all that to work on just one PKI.




Any help would be appreciated!




Regards,




A.​
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to