KEY_CONFIG pointing to the wrong version of openssl.cnf
Solution 1
it's hard to tell without more information...
anyhow, you have either
not properly configured your installation via the
vars
fileor you haven't activated the
vars
file by runningsource vars
prior to running./build-ca
the vars
file contains (among other things) the definition of the KEY_CONFIG
variable. the default (on my Debian system) is to call a wrapper-script which will try to find the correct default openssl.conf
file for you
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
(on my system i have OpenSSL 1.0.1e 11 Feb 2013 installed, so KEY_CONFIG evaluates to .../openssl-1.0.0.cnf
)
if this doesn't work for you, you can manually set the KEY_CONFIG
to a value that matches yours.
Solution 2
ln -s openssl-1.0.0.cnf openssl.cnf
Related videos on Youtube
Jason
Updated on September 18, 2022Comments
-
Jason over 1 year
I am trying to setup OpenVPN but I am getting this error:
#./build-ca grep: /etc/openvpn/easy-rsa/2.0/openssl.cnf: No such file or directory pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong version of openssl.cnf: /etc/openvpn/easy-rsa/2.0/openssl.cnf The correct version should have a comment that says: easy-rsa version 2.x
I have OpenSSL* installed. Do I need to set a location?
-
Raphael Ahrens over 10 yearsYou should explain why this command should be executed and what was the problem in the first place. Even if it may be obvious.
-
Rob Sedgwick over 6 yearsIt's magic, but it works.
-
michel.iamit over 6 yearsjust do a ls in the folder, and you will see what openssl-x.x.x.cnf are available... 1.0.0 is the hights, ln -s is a symbolic link... guess that explains it enough?
-
TD_Nijboer over 6 yearsi have the same settup, yet the whichopensslcnf points to the wrong openssl version. i have 1.1.0g installed but only 0.9.6.cnf / 0.9.8.cnf and 1.0.0.cnf. How do i add another openssl.cnf for 1.1.0g? as source vars now gives an error the same as @frank
-
madlife over 5 yearsThis should not be the accepted answer.
-
Manny265 over 5 yearsworks like magic during my setup of OpenVPN. it creates a link to the current version of openssl
-
Admin almost 2 yearsIt works for me.