Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Stretch: No openssl.cnf file for easy-rsa

Off-Topic discussions about science, technology, and non Debian specific topics.
Post Reply
Message
Author
dahai8
Posts: 5
Joined: 2017-04-12 01:38

Stretch: No openssl.cnf file for easy-rsa

#1 Post by dahai8 »

I'm running Raspbian Stretch build on my Pi, and yes, I have posted this question on the Raspberry Pi Forum but received no responses for two days now.

The openssl version that comes with Debian Stretch is "OpenSSL 1.1.0f 25 May 2017", but there is no openssl-1.1.0.cnf file in easy-rsa. So running 'source ./vars' fails when it tries to run whichopensslcnf:
No openssl.cnf file could be found
Further invocations will fail
I've read one page that suggested using Easy-RSA v3.x, but it is not available in the Raspbian repository to download. Also, from what I've read, this had been broken in Stretch since Jan 2017!

What can I do to resolve this and use OpenVPN/OpenSSL/Easy-RSA?
Can I copy the latest version of openssl*.cnf into opensl-1.1.0.cnf?

Thank you for your help!!!

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: Stretch: No openssl.cnf file for easy-rsa

#2 Post by kedaha »

Even though replies are late in coming at the Raspbian forums, this is not the right place to post the question.
It's an interesting question though.
By the way, you may be interested to know that you can install Debian itself on a Raspberry Pi. See wiki.debian.org/RaspberryPi, and a new version for Debian Stretch is available.
It goes against the grain to post questions here about other distributions, even though they may be based on or very similar to Debian itself.
DebianStable

Code: Select all

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

dahai8
Posts: 5
Joined: 2017-04-12 01:38

Re: Stretch: No openssl.cnf file for easy-rsa

#3 Post by dahai8 »

Ok, but the question applies to Debian users as well as it is also broke in Sketch on Debian.
So, nope, installing Debian Sketch on the Pi will not fix it.
Thanks.

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: Stretch: No openssl.cnf file for easy-rsa

#4 Post by kedaha »

No, I don't propose your installing Debian Stretch as a solution to this particular problem but this is a forum for Debian users. It may or not coincide that it's an issue affecting both Debian and Raspbian, but if your question is to be discussed here, then logically, this would have to be a forums open to all posts from any Linux distribution on the assumption that the issue might coincide.
DebianStable

Code: Select all

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

dahai8
Posts: 5
Joined: 2017-04-12 01:38

Re: Stretch: No openssl.cnf file for easy-rsa

#5 Post by dahai8 »

I'm wondering if anyone has tried just copying over the previous version of openssl.cnf (openssl-1.0.0.cnf) to the the new version name (openssl-1.1.0.cnf)?

cips
Posts: 1
Joined: 2017-12-04 07:56

Re: Stretch: No openssl.cnf file for easy-rsa

#6 Post by cips »

dahai8 wrote:I'm wondering if anyone has tried just copying over the previous version of openssl.cnf (openssl-1.0.0.cnf) to the the new version name (openssl-1.1.0.cnf)?
I tried, but it is not working out of the box. build-ca is complaining:

Code: Select all

req: Error on line 198 of config file "/etc/openvpn/easy-rsa/openssl.cnf"
In this line, subjectAltName is defined. I commented out this line and the second one with subjectAltName (line 220), and now I can create certificates with easy-rsa.

BTW: I had to name the file openssl.cnf, because whichopensslcnf did not recognise the file when it is named openssl-1.1.0.cnf.

Post Reply