I want to generate encrypted private keys for my openvpn server/clients, so I'm using the scripts bundled with it. For some reason, I can't get it to generate encrypted CA keys. This is my script:
@echo off cd %HOME% openssl req -days 1097 -sha1 -new -keyout D:\\OpenVPN\\easy-rsa\\keys\\%1.key -out D:\\OpenVPN\\easy-rsa\\keys\\%1.csr -config %KEY_CONFIG% openssl ca -days 1097 -md sha1 -out D:\\OpenVPN\\easy-rsa\\keys\\%1.crt -in D:\\OpenVPN\\easy-rsa\\keys\\%1.csr -config %KEY_CONFIG% It seems to fail at the second line. After generating the key, I am prompted for the password a second time, and that's when it fails. I don't know why it says ca.crt not found, when that is what it is supposed to be generating. Here is the output from the entire operation: D:\OpenVPN\easy-rsa>build-ca-pass ca Loading 'screen' into random state - done Generating a 2048 bit RSA private key .........+++ .........................................+++ writing new private key to 'D:\\OpenVPN\\easy-rsa\\keys\\ca.key' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [CA]: State or Province Name (full name) [CA]:OHI Locality Name (eg, city) [CA]:KIMM Organization Name (eg, company) [none]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:CA-WORLD Email Address [m...@host.domain]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from openssl.cnf Loading 'screen' into random state - done Enter pass phrase for D:\OpenVPN\easy-rsa\keys\ca.key: Error opening CA certificate D:\OpenVPN\easy-rsa\keys\ca.crt 3728:error:02001002:system library:fopen:No such file or directory:.\crypto\bio\bss_file.c:356:fopen('D:\OpenVPN\easy-rsa\key s\ca.crt','rb') 3728:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:358: unable to load certificate D:\OpenVPN\easy-rsa> Please advise, Thanks. -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org