[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Make crl.pem with easy-rsa 2.0


  • Subject: Re: [Openvpn-users] Make crl.pem with easy-rsa 2.0
  • From: Jennifer Cormier <jcormier@xxxxxxxxxxxxxxx>
  • Date: Thu, 6 Dec 2007 09:51:32 -0500

It seems to be a problem with the easy-rsa revoke-full script.  One way to
get it to work is to edit it as follows.

Inside the 2nd if statement (if [ "$KEY_DIR" ]; then), add the following
lines immediately after the other 2 export statements (or anywhere before it
first calls $OPENSSL):

	export PKCS11_MODULE_PATH="dummy"
	export PKCS11_PIN="dummy"

What's going on is that the openssl.cnf script requires those variables to
be defined, but as long as PKCS11 isn't being used (which it isn't if you
call the revoke-full script with only a single argument), it doesn't matter
what they are set to.

Jennifer


-----Original Message-----
Subject: [Openvpn-users] Make crl.pem with easy-rsa 2.0
From: okahei@xxxxxxxxx
Date: Tue, 28 Nov 2006 16:33:08 +0100 
 
Hello

how can i make a crl.pem file with easy-rsa2.0 ?

Becouse te Revoke-Full script is not working.

It gives me this error :

----------------------------------------------------------------------------
-----------------------
OpenVPN:~/easy-rsa/2.0# ./revoke-full cliente2 Using configuration from
/root/easy-rsa/2.0/openssl.cnf error on line 282 of config file
'/root/easy-rsa/2.0/openssl.cnf'
2002:error:0E065068:configuration file routines:STR_COPY:variable has no
value:conf_def.c:629:line 282 Using configuration from
/root/easy-rsa/2.0/openssl.cnf error on line 282 of config file
'/root/easy-rsa/2.0/openssl.cnf'
2003:error:0E065068:configuration file routines:STR_COPY:variable has no
value:conf_def.c:629:line 282
cat: crl.pem: No existe el fichero o el directorio
cliente2.crt:
/C=ES/ST=ES/L=SanFrancisco/O=GTC/CN=cliente2/emailAddress=kokoa@xxxxx
error 3 at 0 depth lookup:unable to get certificate CRL

----------------------------------------------------------------------------
----------------------

it creates a keys/revoke-test.pem file... but no crl.pem file is create....

thanks for read 

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users