Keep getting permission denied from easyrsa init-pki #1018
Comments
@jepaquette You are the first and only person to ever report this problem. If you want to use EasyRSA in
Okay--I always leave elevated privileges off because I use Dragon for all my writing and it requires elevated privileges to be off. So, should I move the whole EasyRSA operation to a separate folder somewhere else on the C: drive??? Thanks for the quick reply!!!
EasyRSA recommends that you copy FYI: Your Private CA key is World readable when it is kept in Also, for
Thank you--most helpful!
So I successfully built my server crt, my client crts, my private keys, and DH PEM but was disappointed to find that on the first client I have tested, after rechecking files several times, that TLS is not "shaking hands."
Fri Sep 08 13:56:50 2023 us=540874 UDPv4 READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
Network is fine. I'm still keeping my old OpenVPN GUIs but I don't think that should matter. Any thoughts on troubleshooting???
Sorry, we do not debug OpenVPN connection problems here.
Hello again TinCanTech--after a couple of days of digging on OpenVPN and related sites, I am back with what I believe is a legitimate EasyRSA question. StackExchange at https://security.stackexchange.com/questions/211795/openvpn-error-unsupported-certificate-purpose says: "Under EasyRSA 3, what controls this parameter is the use of build-client-full or build-server-full command line depending on whether you want to generate the server side certificate or client certificates." That post says this is necessary to enable TLS Web Server Authentication on the server key and avoid the "unsuitable certificate purpose" error I am getting on my new OpenVPN GUI client. However the newest version of EasyRSA does not accept "build-server-full server," so how do I make sure that the server key knows that it is a server? Thank you for any clarification you can provide on the syntax to get the current version of EasyRSA to generate appropriate server-side key and crts.
Discovered this most helpful page immediately after I sent my last message and my TLS error is now gone. I have one other error but it is purely OpenVPN.
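The certificate-purpose mismatch discussed in the comments above can be checked with plain openssl before a certificate is deployed. This is an added example, not part of the original thread and not EasyRSA's own code; the throwaway CA, the file names, the config section names and the subject names are constructed for illustration.

```shell
# Added example: constructed throwaway PKI built with plain openssl, not EasyRSA.
# Create a test CA plus one server and one client certificate in directory $1.
make_test_pki() {
    dir=$1
    cat > "$dir/x509.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
[client]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -config "$dir/x509.cnf" -extensions ca -newkey rsa:2048 \
        -nodes -subj "/CN=Constructed Test CA" -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    for role in server client; do
        openssl req -new -config "$dir/x509.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=test-$role" -keyout "$dir/$role.key" \
            -out "$dir/$role.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$role.csr" -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 1 -extfile "$dir/x509.cnf" \
            -extensions "$role" -out "$dir/$role.crt" 2>/dev/null || return 1
    done
}

# Succeed only if cert $2 chains to CA $1 and is valid for purpose $3
# (sslserver or sslclient).
cert_fits_purpose() {
    openssl verify -purpose "$3" -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the Extended Key Usage value recorded in certificate $1.
show_eku() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Extended Key Usage' |
        tail -n 1 | sed 's/^ *//; s/ *$//'
}

# Demo: only the certificate issued with the server profile passes as a TLS server.
demo=$(mktemp -d) && make_test_pki "$demo" || exit 1
for c in server client; do
    cert_fits_purpose "$demo/ca.crt" "$demo/$c.crt" sslserver && r=accepted || r=rejected
    echo "$c.crt (EKU: $(show_eku "$demo/$c.crt")) as TLS server: $r"
done
rm -rf "$demo"
```

Running `show_eku` and `cert_fits_purpose` against a real issued server certificate and its CA certificate shows whether it was issued with the server profile.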
My basic problem is what looks like a Windows file permissions problem but which I cannot fix by changing Windows permissions, with which I'm quite familiar. If I run EasyRSA-Start.bat bundled with the current version (3.1.6) of EasyRSA, I get a “permission denied” error which I don't seem to be able to eliminate with Windows permissions on my PKI folder.
I get back the following from easyrsa init-pki:
rm: c:/program files/openvpn/2023/easyrsa-3.1.6/pki: Permission denied
Easy-RSA error:
init-pki hard reset failed.
EasyRSA Version Information
Version: 3.1.6
Generated: Fri Aug 18 09:28:26 CDT 2023
SSL Lib: OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
Git Commit: 9850ced
Source Repo: https://github.com/OpenVPN/easy-rsa
Host: 3.1.6 | win | @(#)MIRBSD KSH R39-w32-beta14 $Date: 2013/06/28 21:28:57 $
Can someone please explain what is going on here and how I can fix it — if I can!