pfannkuchen2001
Hi,
I have often created certificates for OpenVPN with Easy-RSA (on Linux boxes). Now I wanted to do the same thing on a Mac OS X server. Unfortunately something always goes wrong there. Here is what I did:
Code:
t64:Easy-Rsa ich$ . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/local/etc/openvpn/Easy-Rsa/keys
t64:Easy-Rsa ich$ ./clean-all
t64:Easy-Rsa ich$ ./build-ca
Generating a 1024 bit RSA private key
...............++++++
.....++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [TH]:
Locality Name (eg, city) [meineStadt]:
Organization Name (eg, company) [T64]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [T64 CA]:
Name []:
Email Address [me@myhost.mydomain]:
t64:Easy-Rsa ich$ ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
....................+.................................................................................+..........+............+.............................................................+......................+.....................................+.........+.................+.......................+..............................+.........................+..............................................+.....................+.....................+.......................+.................................+......+....................................................+.................................................+.........................................................+.............................................................+.......................................................................................+.................................+............+................................+.+......................................+.............+...........................................................................................+...................................................+........................+............................................................+...................................................+..........................................+..........................................+.............+.........................................................+.......+.........................................+....++*++*++*
t64:Easy-Rsa ich$ ./build-key-server OpenVPN_server01
Generating a 1024 bit RSA private key
...++++++
.......................................++++++
writing new private key to 'OpenVPN_server01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [TH]:
Locality Name (eg, city) [meineStadt]:
Organization Name (eg, company) [T64]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [OpenVPN_server01]:
Name []:
Email Address [me@myhost.mydomain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/local/etc/openvpn/Easy-Rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :PRINTABLE:'TH'
localityName :PRINTABLE:'meineStadt'
organizationName :PRINTABLE:'T64'
commonName :T61STRING:'OpenVPN_server01'
emailAddress :IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Oct 10 14:29:15 2020 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
t64:Easy-Rsa ich$ ./build-key-pass testuser
Generating a 1024 bit RSA private key
..........++++++
.....++++++
writing new private key to 'testuser.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [TH]:
Locality Name (eg, city) [meineStadt]:
Organization Name (eg, company) [T64]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [testuser]:
Name []:
Email Address [me@myhost.mydomain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/local/etc/openvpn/Easy-Rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :PRINTABLE:'TH'
localityName :PRINTABLE:'meineStadt'
organizationName :PRINTABLE:'T64'
commonName :PRINTABLE:'testuser'
emailAddress :IA5STRING:'me@myhost.mydomain'
Certificate is to be certified until Oct 10 14:30:34 2020 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
t64:Easy-Rsa ich$ sudo /usr/local/Cellar/openvpn/2.1.1/sbin/openvpn --config /usr/local/etc/openvpn/server.conf
Password:
Wed Oct 13 16:30:49 2010 OpenVPN 2.1.1 i386-apple-darwin10.4.0 [SSL] [LZO2] built on Oct 11 2010
Wed Oct 13 16:30:49 2010 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Wed Oct 13 16:30:49 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Oct 13 16:30:49 2010 Diffie-Hellman initialized with 1024 bit key
Wed Oct 13 16:30:49 2010 Cannot load certificate file /usr/local/etc/openvpn/Easy-Rsa/keys/server01.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Wed Oct 13 16:30:49 2010 Exiting
t64:Easy-Rsa ich$
Any idea what I am doing wrong, or where the error might be?
Many thanks in advance!
Regards,
Pfannkuchen
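
Added example, not part of the original post: in the session above, `build-key-server` wrote `OpenVPN_server01.key`, while OpenVPN exits because it cannot open `keys/server01.crt`. The function below lists every file named by a config's `ca`, `cert`, `key` and `dh` directives that does not exist, so such a mismatch shows up before the daemon starts; the function name, the sample config and resolving relative paths against the config's directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example: report PKI files named in an OpenVPN config that are missing.

# missing_pki_files CONFIG [BASEDIR]
# Prints "directive path" for each ca/cert/key/dh file that does not exist.
# Relative paths are resolved against BASEDIR (assumption: default is the
# config's own directory). Returns 0 if nothing is missing, 1 otherwise.
missing_pki_files() {
    local conf="$1" base="${2:-$(dirname "$1")}" rc=0 directive path
    while read -r directive path || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh) ;;
            *) continue ;;          # comments, blank lines, other options
        esac
        path=${path%\"}; path=${path#\"}    # drop surrounding double quotes
        [ -n "$path" ] || continue          # directive without an argument
        case $path in /*) ;; *) path=$base/$path ;; esac
        if [ ! -f "$path" ]; then
            printf '%s %s\n' "$directive" "$path"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# Constructed sample mirroring the session above: the key pair exists as
# OpenVPN_server01.*, while the (hypothetical) config asks for server01.*.
demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/keys"
    touch "$tmp/keys/ca.crt" "$tmp/keys/dh1024.pem" \
          "$tmp/keys/OpenVPN_server01.crt" "$tmp/keys/OpenVPN_server01.key"
    cat > "$tmp/server.conf" <<'EOF'
# constructed config, not the poster's file
port 1194
ca keys/ca.crt
cert keys/server01.crt
key "keys/server01.key"
dh keys/dh1024.pem
EOF
    (cd "$tmp" && missing_pki_files server.conf) || true
    rm -rf "$tmp"
}

demo
```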