[FUG-BR] Openvpn - problemas com build-ca

Christiano Liberato christianoliberato em gmail.com
Sexta Março 16 15:09:02 BRT 2012 

OK...

>
> Qual o conteudo da variavel OPENSSL... Ela tem que apontar para o
> openssl.cnf que fica em
> /ur/local/share/examples/openvpn/easy-rsa/2.0/openssl.cnf e olhando o seu
> arquivo esta apenas openssl...
> Corrija e aponte para o arquivo openssl.cnf que esta no caminho acima que
> deve funcionar agora... E verifique sempre se as variaveis estao apontando
> pro lugar certo senao nao roda mesmo....
>
> --
> Cordialmente,
>
> Ricardo Ferreira
> Sotech - Soluções Tecnológicas
> -------------------------------------------------------------------
> Sotech Soluções Tecnologicas
> Rua da Alfazema, 761, 1o. andar - 102/103
> 41820-710 - Caminho das Árvores - Salvador-BA - Brasil
> Tel Comercial: 55 71 3472.9400 / Cel Comercial: 55 71 9138.4630
>
> Email: ricardo.ferreira em Sotechdatacenter.com.br
> www.sotechdatacenter.com.br
>
>
> Esta mensagem é dirigida apenas ao seu destinatário e pode conter
> informações confidenciais, não passíveis de divulgação nos termos da
> legislação em vigor. Caso tenha recebido esta mensagem por engano,
> solicitamos notificar a Sotech Soluções Tecnológicas e excluí-la de sua
> caixa postal.
>
> This message, including its attachments, may contain confidential
> information. If you have improperly received this message, please delete
> it from your system and notify immediately the sender. Any form of
> utilization, reproduction, forward, alteration, distribution and/or
> disclosure of this content in whole or in part, without the prior written
> authorization of the sender, is strictly prohibited. Thanks for your
> cooperation.
>
>
>
>
>
>
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>

Ricardo,

em todos exemplos que vi até agora, a variável OPENSSL faz referência ao
OPENSSL instalado no server.
Não seria isso?

A linha que vc esta dizendo, comentei no vars. O conteúdo default dela é:
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

e deveria ficar como: export KEY_CONFIG=`$EASY_RSA/openssl.cnf`
Se deixar como esta acima e executar com shell SH o comando . ./vars,
aparece:

\u@\h \w # . ./vars
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[10]: HOME: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[11]: RANDFILE: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[12]: openssl_conf: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[17]: oid_section: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[18]: engines: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[37]: default_ca: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[42]: dir: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[43]: certs: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[44]: crl_dir: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[45]: database: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[46]: new_certs_dir: not
found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[48]: certificate: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[49]: serial: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[50]: crl: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[51]: private_key: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[52]: RANDFILE: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[54]: x509_extensions: not
found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[60]: default_days: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[61]: 30: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[62]: default_md: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[63]: preserve: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[68]: policy: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[72]: countryName: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[73]: stateOrProvinceName:
not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[74]: organizationName: not
found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[75]:
organizationalUnitName: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[76]: commonName: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[77]: name: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[78]: emailAddress: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[84]: countryName: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[85]: stateOrProvinceName:
not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[86]: localityName: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[87]: organizationName: not
found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[88]:
organizationalUnitName: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[89]: commonName: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[90]: name: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[91]: emailAddress: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[95]: default_bits: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[96]: default_keyfile: not
found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[97]: distinguished_name:
not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[98]: attributes: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[99]: x509_extensions: not
found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[113]: string_mask: not found
/usr/local/etc/openvpn/easy-rsa/2.0/openssl.cnf[118]: syntax error: `('
unexpected
NOTE: If you run ./clean-all, I will be doing a rm -rf on
/usr/local/etc/openvpn/easy-rsa/2.0/keys
\u@\h \w #

Ou seja, teria que editar todo esse arquivo para passar.

Mais detalhes sobre a lista de discussão freebsd