 Post subject: Problems Creating Extra Client Keys
PostPosted: 01.02.2010 10:27 
DES
OK, I initially created 16 client keys, thinking that would be enough even though there are only 7 VPN users.

A week later, everyone all of a sudden needs VPN, so I need to create more keys.

The problem is that the Windows computer used to create the keys has been formatted and turned into a pfSense box.

I still have the keys folder, and all the details used to create the keys (country, province, city, key-org, common name etc.)

So I've installed OpenVPN onto another Windows PC, have put the keys folder into C:\Program Files\OpenVPN\easy-rsa, have recreated the vars.bat with the exact same details as before, and have tried creating more clients, but this is what I get:

C:\Program Files\OpenVPN\easy-rsa>build-key client17
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
...++++++
............++++++
writing new private key to 'keys\client17.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [UK]:
State or Province Name (full name) [LONDON]:
Locality Name (eg, city) [LONDON]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:###### (hashed out for privacy)
Common Name (eg, your name or your server's hostname) []:client17
Email Address [####@####.com]:(hashed out for privacy)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from openssl.cnf
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'UK'
stateOrProvinceName :PRINTABLE:'LONDON'
localityName :PRINTABLE:'LONDON'
organizationName :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:###### (hashed out for privacy)
commonName :PRINTABLE:'client17'
emailAddress :IA5STRING:[####@####.com]:(hashed out for privacy)]
The stateOrProvinceName field needed to be the same in the
CA certificate (LONDON ) and the request (LONDON)
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old



OK, so the line "The stateOrProvinceName field needed to be the same in the CA certificate (LONDON ) and the request (LONDON)" looks like I might have had a couple of spaces after "LONDON", however I tried rebuilding with 2 spaces but still get the output:

The stateOrProvinceName field needed to be the same in the
CA certificate (LONDON ) and the request (LONDON )

So I'm not sure why that's happening or how to fix it.

The second thing is "Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old". I can't remember these files being in the keys folder before; how do I get around this?

Is there something I am missing? Is it possible for me to create more keys by just having the keys folder with the vars.bat like it originally was? I have tested the client17 key, and it does not work. Also, after creating more keys, do I need to re-generate the Diffie-Hellman parameters and re-add them to the VPN server?

Thanks in advance


 Post subject: Re: Problems Creating Extra Client Keys
PostPosted: 04.02.2010 18:35 
openvpn.eu Admin
Hello

It should be enough if you've got the keys directory to create new certificates. I can't tell you why it complains about this specific field.
You may try to dump the contents of the CA certificate, e.g. with openssl:
Code:
openssl x509 -in ca.crt -text -noout

There you might have a chance to see the white spaces. If you can't see them in the console, redirect the output into a file and inspect it with a text or hex editor.

You don't need to create a new DH-file because this file doesn't contain anything related to your certificates.

_________________
regards,
note
Please take a look at our rules. Visit our wiki!


 Post subject: Re: Problems Creating Extra Client Keys
PostPosted: 08.02.2010 14:52 
DES
Ok I found the problem! Thanks for the reply note, I was able to look at the ca.crt file, and noticed that after "State or Province Name (full name) [LONDON]:" there was "\x09":

Subject: C=UK, ST=LONDON\x09, L=LONDON, O=OpenVPN

This was seen as just some spaces when trying to build a key; however, \x09 is actually hex for the tab key. I must have pressed it by mistake when first creating the CA file, so basically now when building client keys, I just type LONDON, then hit tab, then enter.

What I don't understand is how I managed to create the first 16 keys without pressing the tab key!

Anyway, thanks.
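
Added example, not part of the original posts: a small Python check that automates the inspection suggested in the reply and the comparison that tripped up the key build, by decoding the \xNN escapes in a dumped Subject line and comparing the "match" fields byte for byte. The function names, the MATCH_FIELDS set (assumed from the stock openssl.cnf policy_match section) and the request subject lines are assumptions made for illustration; only the CA subject line is taken from the thread.

```python
import re

# Fields compared under a CA "match" policy. Assumed from the stock
# openssl.cnf policy_match section, not read from the poster's config.
MATCH_FIELDS = ("C", "ST", "O")

def parse_subject(line):
    """Parse an openssl -text style Subject line into {field: raw value},
    turning \\xNN escapes back into the characters stored in the certificate."""
    line = line.rstrip("\r\n").lstrip()
    if line.startswith("Subject:"):
        line = line[len("Subject:"):].lstrip(" ")
    fields = {}
    # Split only where ", " is followed by the next "KEY=", so values keep
    # any spaces of their own.
    for part in re.split(r", (?=[A-Za-z]+=)", line):
        key, _, value = part.partition("=")
        fields[key] = re.sub(r"\\x([0-9A-Fa-f]{2})",
                             lambda m: chr(int(m.group(1), 16)), value)
    return fields

def audit_dn(ca_subject, req_subject):
    """Return findings as (field, kind, ca_value_repr, req_value_repr)."""
    ca, req = parse_subject(ca_subject), parse_subject(req_subject)
    findings = []
    for field in MATCH_FIELDS:
        if ca.get(field) != req.get(field):
            findings.append((field, "mismatch",
                             repr(ca.get(field)), repr(req.get(field))))
    for field, value in ca.items():
        # Whitespace at either end or any control character is invisible
        # at an interactive prompt but is part of the encoded value.
        if value != value.strip() or any(ord(c) < 0x20 for c in value):
            findings.append((field, "hidden-whitespace", repr(value), None))
    return findings

# CA subject as quoted in the thread; the request subjects are constructed.
CA_SUBJECT = r"Subject: C=UK, ST=LONDON\x09, L=LONDON, O=OpenVPN"
REQ_PLAIN = "C=UK, ST=LONDON, L=LONDON, O=OpenVPN, CN=client17"
REQ_SPACES = "C=UK, ST=LONDON  , L=LONDON, O=OpenVPN, CN=client17"
REQ_TAB = "C=UK, ST=LONDON\t, L=LONDON, O=OpenVPN, CN=client17"

if __name__ == "__main__":
    for name, req in (("plain", REQ_PLAIN), ("two spaces", REQ_SPACES),
                      ("tab", REQ_TAB)):
        print(name, audit_dn(CA_SUBJECT, req))
```

The repr() output makes the tab visible as \t, which is why two typed spaces never matched the CA value while a typed tab did.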

