Openvpn : Failed to create client key

willy9 · 2016-05-10 21:27:35

I'm trying to generate keys for a new client machine on my existing Openvpn server. I already successfully generated keys there a few weeks ago, but the method described in the wiki is now failing with error :

unable to load certificate
139983183140504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE

What could be the reason for this ? It did work before...

x33a · 2016-05-11 04:56:01

Post the exact command sequence that you are using. Also make sure that your CA certificate hasn't expired.

R00KIE · 2016-05-11 12:55:53

You might want to use pkitool instead of calling the other scripts directly. Call pkitool without arguments to see the help.

willy9 · 2016-05-11 19:48:09

x33a wrote:

Post the exact command sequence that you are using. Also make sure that your CA certificate hasn't expired.

Here is the exact sequence:

ssh obelix
su
cd /root/easy-rsa
source ./vars
./build-key pneumatix

The ca certificate was generated on April 14th, with a validity of 3650 days. I should have a ca.crt and a ca.key, right ?

x33a · 2016-05-12 09:13:00

willy9 wrote:

Here is the exact sequence:
ssh obelix
su
cd /root/easy-rsa
source ./vars
./build-key pneumatix
The ca certificate was generated on April 14th, with a validity of 3650 days. I should have a ca.crt and a ca.key, right ?

Your commands look fine and yes, you should have a ca.crt and ca.key as well.

Arch Linux

#1 2016-05-10 21:27:35

Openvpn : Failed to create client key

#2 2016-05-11 04:56:01

Re: Openvpn : Failed to create client key

#3 2016-05-11 12:55:53

Re: Openvpn : Failed to create client key

#4 2016-05-11 19:48:09

Re: Openvpn : Failed to create client key

#5 2016-05-12 09:13:00

Re: Openvpn : Failed to create client key

Board footer