OpenVPN – Unable to sign certificates as CA using pkitool and easy-rsa script for OpenVPN .csr file

Tags: certificate, csr, openvpn, vpn

OpenVPN server on Ubuntu 14.04.
Easy-rsa on the certificate authority server on Ubuntu 14.04. Done this way because I want the ca.key file to be separate from the machine that acts as the openvpn server for security reasons.

I start up a client, use easy-rsa to generate a key and csr file, then scp the csr file to the CA server and run either ./sign-req keys/linuxclient2.csr or ./pkitool --sign keys/linuxclient2.csr.

I get the following error:

Using configuration from /usr/share/easy-rsa/openssl-1.0.0.cnf
keys/linuxclient2.csr.crt: No such file or directory
139779055732384:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('keys/linuxclient2.csr.crt','w')
139779055732384:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:

It generates a file called linuxclient2.csr.crt, which is not a valid cert. I then delete the file and try again and get the same exact error message, only this time the .csr.crt file is not present.

Unable to sign certificate signing requests, which means I am now forced to sign them at the CA and distribute them over a not-exactly-the-most-secure channel 🙁

Best Answer

I believe, according to the docs, you only need to do ./sign-req keys/linuxclient2 or similar - it wants to take care of the "file extensions" on its own.

https://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html
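
Added example (not from the original post or the easy-rsa project): a CA-side helper that checks a CSR copied over from a client and then signs it by bare name, as the answer suggests. It assumes an easy-rsa 2.x layout in which `./sign-req` takes the request name and looks for `<name>.csr` in `$KEY_DIR`; the function names `csr_name`, `valid_name`, `csr_signature_ok` and `intake_csr` are hypothetical.

```shell
#!/bin/sh
# Added example: intake of a client CSR on the CA host (easy-rsa 2.x layout assumed).

# Derive the bare request name: "keys/linuxclient2.csr" -> "linuxclient2".
csr_name() {
    name=${1##*/}                  # drop any directory part
    printf '%s\n' "${name%.csr}"   # drop the .csr suffix
}

# Accept only simple names so a received file name cannot point
# outside the keys directory or be read as an option.
valid_name() {
    case $1 in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Check the CSR self-signature, which shows the sender holds the private key.
# Match the message text: the exit status is not a reliable signal across
# openssl versions.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Stage the CSR as $KEY_DIR/<name>.csr and sign it by name.
intake_csr() {
    csr=$1
    keydir=${KEY_DIR:-keys}        # KEY_DIR is normally set by easy-rsa's vars file
    name=$(csr_name "$csr")
    valid_name "$name" || { echo "bad request name: $name" >&2; return 1; }
    csr_signature_ok "$csr" || { echo "CSR self-signature check failed" >&2; return 1; }
    # Show the subject so the operator can compare it with what the client reported.
    openssl req -in "$csr" -noout -subject
    # Copy only if the file is not already in place under the expected name.
    cmp -s "$csr" "$keydir/$name.csr" || cp "$csr" "$keydir/$name.csr"
    ./sign-req "$name"             # bare name: no directory, no extension
}
```

Run `intake_csr /path/to/linuxclient2.csr` from the easy-rsa directory after sourcing `vars`. Only the CSR and the resulting certificate cross the network; the client's private key stays on the client.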