From owner-freebsd-questions@FreeBSD.ORG Fri Jan 21 04:34:21 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9CC1C16A4CE for ; Fri, 21 Jan 2005 04:34:21 +0000 (GMT) Received: from ms-smtp-04-eri0.southeast.rr.com (ms-smtp-04-lbl.southeast.rr.com [24.25.9.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25ABA43D46 for ; Fri, 21 Jan 2005 04:34:21 +0000 (GMT) (envelope-from jason@ec.rr.com) Received: from BARTON (cpe-065-184-201-054.ec.rr.com [65.184.201.54]) j0L4YICh024447 for ; Thu, 20 Jan 2005 23:34:18 -0500 (EST) Date: Fri, 21 Jan 2005 04:42:12 +0000 From: Jason Henson To: freebsd-questions@freebsd.org References: <41F064BE.8060509@metrocast.net> In-Reply-To: <41F064BE.8060509@metrocast.net> (from sgill@metrocast.net on Thu Jan 20 21:11:10 2005) X-Mailer: Balsa 2.2.6 Message-Id: <1106282532l.49858l.2l@BARTON> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; DelSp=Yes; Format=Flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: Re: openvpn? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 04:34:21 -0000 On 01/20/05 21:11:10, Shawn wrote: > I have been attempting to get open vpn working on my freebsd 4.11 =20 > Alpha machine. SO Far I have done the following.. >=20 > I did the make install for /usr/ports/security/openvpn/ >=20 > Where is uses SSL Im trying to understand the config file for /etc/=20 > ssl/openssl.cnf After an attempted figure change I try to generate =20 > the keys.. >=20 > I create a master certificate authority certificate/private-key >=20 > *openssl req -nodes -new -x509 -keyout shawng-ca.key -out shawng-=20 > ca.crt -days 3650* >=20 > Then create certificate/private-key pairs for both Home and Office: >=20 > *openssl req -nodes -new -keyout office.key -out office.csr >=20 > * >=20 > Then this gives me a hard time.. >=20 > *openssl ca -out office.crt -in office.csr >=20 > * >=20 > # openssl ca -out office.crt -in office.csr > --> /This screams config file to me --> /Using configuration from /=20 > etc/ssl/openssl.cnf > Error opening CA private key ./demoCA/private/cakey.pem > 63975:error:0E06D06C:configuration file routines:NCONF_get_string:no =20 > value:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/=20 > conf/conf_lib.c:329:group=3DCA_default name=3Dunique_subject > 63975:error:02001002:system library:fopen:No such file or directory:/=20 > usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/=20 > bss_file.c:276:fopen('./demoCA/private/cakey.pem','r') > 63975:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/=20 > secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/=20 > bss_file.c:278: > unable to load CA private key > Segmentation fault (core dumped) > The core dump is very bad and should not happen, I would suggest you =20 update your base system if there is a bug in there. For an easy openssl walk through checkout http://www.freebsdaddicts.com/forum/viewtopic.php?id=3D268