Encrypting CA keys

Sat, 09 May 2009 15:06:27 -0700 

I want to generate encrypted private keys for my openvpn server/clients, so I'm 
using the scripts bundled with it.  For some reason, I can't get it to generate 
encrypted CA keys.  This is my script:

@echo off
cd %HOME%
openssl req -days 1097 -sha1 -new -keyout D:\\OpenVPN\\easy-rsa\\keys\\%1.key 
-out D:\\OpenVPN\\easy-rsa\\keys\\%1.csr -config %KEY_CONFIG%
openssl ca -days 1097 -md sha1 -out D:\\OpenVPN\\easy-rsa\\keys\\%1.crt -in 
D:\\OpenVPN\\easy-rsa\\keys\\%1.csr -config %KEY_CONFIG%

It seems to fail at the second line.  After generating the key, I am prompted 
for the password a second time, and that's when it fails. I don't know why it 
says ca.crt not found, when that is what it is supposed to be generating.  Here 
is the output from the entire operation:

D:\OpenVPN\easy-rsa>build-ca-pass ca
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
.........+++
.........................................+++
writing new private key to 'D:\\OpenVPN\\easy-rsa\\keys\\ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [CA]:OHI
Locality Name (eg, city) [CA]:KIMM
Organization Name (eg, company) [none]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:CA-WORLD
Email Address [m...@host.domain]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from openssl.cnf
Loading 'screen' into random state - done
Enter pass phrase for D:\OpenVPN\easy-rsa\keys\ca.key:
Error opening CA certificate D:\OpenVPN\easy-rsa\keys\ca.crt
3728:error:02001002:system library:fopen:No such file or 
directory:.\crypto\bio\bss_file.c:356:fopen('D:\OpenVPN\easy-rsa\key
s\ca.crt','rb')
3728:error:20074002:BIO routines:FILE_CTRL:system 
lib:.\crypto\bio\bss_file.c:358:
unable to load certificate

D:\OpenVPN\easy-rsa>

Please advise, Thanks.


-- 
Be Yourself @ mail.com!
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to