Легенда:
новое сообщение
закрытая нитка
новое сообщение
в закрытой нитке
старое сообщение
|
- Напоминаю, что масса вопросов по функционированию форума снимается после прочтения его описания.
- Новичкам также крайне полезно ознакомиться с данным документом.
[Slackware] openvpn+openssl 19.06.06 10:07 Число просмотров: 3852
Автор: DamNet <Denis Amelin> Статус: Elderman Отредактировано 19.06.06 10:34 Количество правок: 1
|
Не создаются нормально сертификаты, не пойму где копать...
делаю все по http://openvpn.net/easyrsa.html
root@sayga:/usr/local/etc/openvpn/easy-rsa# . vars
NOTE: when you run ./clean-all, I will be doing a rm -rf on /usr/local/etc/openvpn/easy-rsa/keys
root@sayga:/usr/local/etc/openvpn/easy-rsa# ./clean-all
root@sayga:/usr/local/etc/openvpn/easy-rsa# ./build-ca
Generating a 1024 bit RSA private key
...................++++++
................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [RU]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [MOSCOW]:
Organization Name (eg, company) [KING LION]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address [admin@kbgfood.ru]:
root@sayga:/usr/local/etc/openvpn/easy-rsa# ./build-inter inter
Generating a 1024 bit RSA private key
.....++++++
....++++++
writing new private key to 'inter.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [RU]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [MOSCOW]:
Organization Name (eg, company) [KING LION]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address [admin@kbgfood.ru]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/local/etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'RU'
stateOrProvinceName :PRINTABLE:'NA'
localityName :PRINTABLE:'MOSCOW'
organizationName :PRINTABLE:'KING LION'
emailAddress :IA5STRING:'admin@kbgfood.ru'
The commonName field needed to be supplied and was missing
root@sayga:/usr/local/etc/openvpn/easy-rsa# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
........................
root@sayga:/usr/local/etc/openvpn/easy-rsa#
В результате создаются
ca.crt
ca.key
dh1024.pem
inter.crt
inter.csr
inter.key
Вся загвоздка в том, что inter.crt имеет 0ю длину и в общем-то не подходит для дальнейшего использования.... где копать, ума не проедставляю, может кто наступал на такие грабли
Заранее спасибо
|
- [Slackware] openvpn+openssl - DamNet 19.06.06 10:07 [3852]
|
|
|