Question on error creating server key

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Question on error creating server key

Jeff Gross-2
Hi,

I'm new to all this, thank God I found this forum....

When I build the server key using command :      build-key-server server

I keep getting the following error:

Error opening CA private key "C:\Program Files\OpenVPN\easy-rsa\keys"/ca.key
2648:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:278:fopen('"C:\Program Files\OpenVPN\easy-rsa\keys"/ca.key','rb')
2648:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:280:
unable to load CA private key
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old

I've set the paths using these statements in the batch file:

set KEY_DIR="C:\Program Files\OpenVPN\easy-rsa\keys"
set KEY_CONFIG="C:\Program Files\OpenVPN\easy-rsa\openssl.cnf"

What's the deal with bss_file.c?  Is this supposed to be on my windows2000 server box?

Am I forgetting something?  
I've been screwing around with this for a day and a half.

Somebody please help!

Thanks.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Question on error creating server key

Dr. Stephen Henson
On Fri, Mar 24, 2006, Jeff Gross wrote:

> Hi,
>
> I'm new to all this, thank God I found this forum....
>
> When I build the server key using command :      build-key-server server
>
> I keep getting the following error:
>
> Error opening CA private key "C:\Program Files\OpenVPN\easy-rsa\keys"/ca.key
> 2648:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:278:fopen('"C:\Program Files\OpenVPN\easy-rsa\keys"/ca.key','rb')
> 2648:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:280:
> unable to load CA private key
> Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old
>
> I've set the paths using these statements in the batch file:
>
> set KEY_DIR="C:\Program Files\OpenVPN\easy-rsa\keys"
> set KEY_CONFIG="C:\Program Files\OpenVPN\easy-rsa\openssl.cnf"
>
> What's the deal with bss_file.c?  Is this supposed to be on my windows2000 server box?
>
> Am I forgetting something?  
> I've been screwing around with this for a day and a half.
>
> Somebody please help!
>

Well it looks like you are using some other package (OpenVPN?) which has its
own custom batch files which aren't working properly.

That "bss_file.c" is just to help debug problems. It is indicating the OpenSSL
source file that produced the error.

The first line is a clue:

> Error opening CA private key "C:\Program Files\OpenVPN\easy-rsa\keys"/ca.key

does that file exist? Is it readable?

However since these aren't standard OpenSSL scripts I can't say much more.
You'd get better results asking in any public forum for the package that
included those scripts.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Question on error creating server key

Jeff Gross-2
In reply to this post by Jeff Gross-2
Yes, I'm ironing it out now.

One problem seems to be the path statements under c:\program Files
No matter how I format it, it's placing quotes "C:\Program
Files\Openvpn\......"
So I just reinstalled the package to the root of c, now I'm at
c:\Openvpn\Easy-Rsa ,and things are going much smoother.

The other issue is definitely my lack of understanding of the
openssl.cnf file.
That too I'm starting to catch onto.

Everyone's suggestions have helped tremendously.  

Thanks.

*/Jeff/*


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Dr. Stephen Henson
Sent: Friday, March 24, 2006 1:40 PM
To: [hidden email]
Subject: Re: Question on error creating server key


On Fri, Mar 24, 2006, Jeff Gross wrote:

> Hi,
>
> I'm new to all this, thank God I found this forum....
>
> When I build the server key using command :      build-key-server
server
>
> I keep getting the following error:
>
> Error opening CA private key "C:\Program
Files\OpenVPN\easy-rsa\keys"/ca.key
> 2648:error:0200107B:system library:fopen:Unknown
error:.\crypto\bio\bss_file.c:278:fopen('"C:\Program
Files\OpenVPN\easy-rsa\keys"/ca.key','rb')
> 2648:error:20074002:BIO routines:FILE_CTRL:system
lib:.\crypto\bio\bss_file.c:280:
> unable to load CA private key
> Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old
>
> I've set the paths using these statements in the batch file:
>
> set KEY_DIR="C:\Program Files\OpenVPN\easy-rsa\keys"
> set KEY_CONFIG="C:\Program Files\OpenVPN\easy-rsa\openssl.cnf"
>
> What's the deal with bss_file.c?  Is this supposed to be on my
windows2000 server box?
>
> Am I forgetting something?  
> I've been screwing around with this for a day and a half.
>
> Somebody please help!
>

Well it looks like you are using some other package (OpenVPN?) which has
its
own custom batch files which aren't working properly.

That "bss_file.c" is just to help debug problems. It is indicating the
OpenSSL
source file that produced the error.

The first line is a clue:

> Error opening CA private key "C:\Program
Files\OpenVPN\easy-rsa\keys"/ca.key

does that file exist? Is it readable?

However since these aren't standard OpenSSL scripts I can't say much
more.
You'd get better results asking in any public forum for the package that
included those scripts.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Question on error creating server key

Jeff Gross-2
In reply to this post by Jeff Gross-2
New error.. this one is related to the definition
of the KEY_DIR.

If I just make the key_dir in vars read:  
set KEY_DIR=C:\OpenVPN\easy-rsa\keys

I get the following error:

Error opening CA private key C:\OpenVPN\easy-rsa\keysca.key
596:error:02001002:system library:fopen:No such file or
directory:.\crypto\bio\b
ss_file.c:278:fopen('C:\OpenVPN\easy-rsa\keysca.key','rb')
596:error:20074002:BIO routines:FILE_CTRL:system
lib:.\crypto\bio\bss_file.c:280
:
unable to load CA private key

if I copy the ca.key as keysca.key along with the other files
(keysindex, keysca.key, etc)
into the next dir up, (c:\openvpn\easy-rsa)  I can create the server key
successfully.

So somewhere there is some kind of problem with the key_dir variable.
it's not inserting the backslash after the KEY_DIR definition.
If I put in a backslash, it errors out completely.


I'm not sure if it's in the openssl.cnf or vars.bat

My VARS.BAT:
=====<snip>==========================================
@echo off
set HOME=C:\OpenVPN\easy-rsa
set KEY_CONFIG=C:\OpenVPN\easy-rsa\openssl.cnf

set KEY_DIR=C:\OpenVPN\easy-rsa\keys

set KEY_SIZE=1024
set KEY_COUNTRY=US
set KEY_PROVINCE=PA
set KEY_CITY=Bensalem
set KEY_ORG=company
set KEY_EMAIL=[hidden email]
======<snip>=========================================

The suspect section of Openssl.cnf:
======<snip>==========================================
HOME = .
RANDFILE = $ENV::HOME/.rnd

oid_section = new_oids
[ new_oids ]
####################################################################
[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are
kept
crl_dir = $dir # Where the issued crl are kept
database = $dir\index.txt # database index file.
new_certs_dir = $dir # default place for new certs.

certificate = $dir\ca.crt # The CA certificate
serial = $dir\serial # The current serial number
crl = $dir\crl.pem # The current CRL
private_key = $dir\ca.key # The private key
RANDFILE = $dir\.rand # private random number file

x509_extensions = usr_cert # The extentions to add to the
cert
=====<snip>=============================================================
======

Somehow the KEY_DIR is not getting the backslash inserted or the
where the name of the key to use, the backslash is missing. I'm really
not
sure why it's not working.



-=Jeff Gross=-
Tucker Industries
3170 Tucker Road
Bensalem, PA 19020
* 215-638-1900 [phone]
* 215-638-3477 [fax]
* 267-496-0350 [cell]
www.tuckerind.com


winmail.dat (4K) Download Attachment