|
|
It seems to be a problem with the easy-rsa revoke-full script. One way to get it to work is to edit it as follows. Inside the 2nd if statement (if [ "$KEY_DIR" ]; then), add the following lines immediately after the other 2 export statements (or anywhere before it first calls $OPENSSL): export PKCS11_MODULE_PATH="dummy" export PKCS11_PIN="dummy" What's going on is that the openssl.cnf script requires those variables to be defined, but as long as PKCS11 isn't being used (which it isn't if you call the revoke-full script with only a single argument), it doesn't matter what they are set to. Jennifer -----Original Message----- Subject: [Openvpn-users] Make crl.pem with easy-rsa 2.0 From: okahei@xxxxxxxxx Date: Tue, 28 Nov 2006 16:33:08 +0100 Hello how can i make a crl.pem file with easy-rsa2.0 ? Becouse te Revoke-Full script is not working. It gives me this error : ---------------------------------------------------------------------------- ----------------------- OpenVPN:~/easy-rsa/2.0# ./revoke-full cliente2 Using configuration from /root/easy-rsa/2.0/openssl.cnf error on line 282 of config file '/root/easy-rsa/2.0/openssl.cnf' 2002:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282 Using configuration from /root/easy-rsa/2.0/openssl.cnf error on line 282 of config file '/root/easy-rsa/2.0/openssl.cnf' 2003:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:629:line 282 cat: crl.pem: No existe el fichero o el directorio cliente2.crt: /C=ES/ST=ES/L=SanFrancisco/O=GTC/CN=cliente2/emailAddress=kokoa@xxxxx error 3 at 0 depth lookup:unable to get certificate CRL ---------------------------------------------------------------------------- ---------------------- it creates a keys/revoke-test.pem file... but no crl.pem file is create.... thanks for read ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |