我今天早上创build了一个新的OpenVPN安装。 我的testing用户工作,一切都很好。 现在我想创build额外的用户,但是当我运行这个命令:
C:\Documents and Settings\User>"C:\Program Files\OpenVPN\easy-rsa\build-key" newuser 这就是系统给我的回报:
C:\Documents and Settings\User req [options] <infile >outfile where options are -inform arg input format - DER or PEM -outform arg output format - DER or PEM -in arg input file -out arg output file -text text form of request -pubkey output public key -noout do not output REQ -verify verify signature on REQ -modulus RSA modulus -nodes don't encrypt the output key -engine e use engine e, possibly a hardware device -subject output the request's subject -passin private key password source -key file use the private key contained in file -keyform arg key file format -keyout arg file to send the key to -rand file;file;... load the file (or the files in the directory) into the random number generator -newkey rsa:bits generate a new RSA key of 'bits' in size -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file' -newkey ec:file generate a new EC key, parameters taken from CA in 'file' -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4) -config file request template file. -subj arg set or modify request subject -multivalue-rdn enable support for multivalued RDNs -new new request. -batch do not ask anything during request generation -x509 output a x509 structure instead of a cert. req. -days number of days a certificate generated by -x509 is valid for. -set_serial serial number to use for a certificate generated by -x509. -newhdr output "NEW" in the header lines -asn1-kludge Output the 'request' in a format that is wrong but some CA's have been reported as requiring -extensions .. specify certificate extension section (override value in config file) -reqexts .. specify request extension section (override value in config file ) -utf8 input characters are UTF8 (default ASCII) -nameopt arg - various certificate name options -reqopt arg - various request text options unknown option -config usage: ca args -verbose - Talk a lot while doing things -config file - A config file -name arg - The particular CA definition to use -gencrl - Generate a new CRL -crldays days - Days is when the next CRL is due -crlhours hours - Hours is when the next CRL is due -startdate YYMMDDHHMMSSZ - certificate validity notBefore -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days) -days arg - number of days to certify the certificate for -md arg - md to use, one of md2, md5, sha or sha1 -policy arg - The CA 'policy' to support -keyfile arg - private key file -keyform arg - private key file format (PEM or ENGINE) -key arg - key to decode the private key if it is encrypted -cert file - The CA certificate -selfsign - sign a certificate with the key associated with it -in file - The input PEM encoded certificate request(s) -out file - Where to put the output file(s) -outdir dir - Where to put output certificates -infiles .... - The last argument, requests to process -spkac file - File contains DN and signed public key and challenge -ss_cert file - File contains a self signed cert to sign -preserveDN - Don't re-order the DN -noemailDN - Don't add the EMAIL field into certificate' subject -batch - Don't ask questions -msie_hack - msie modifications to handle all those universal strings -revoke file - Revoke a certificate (given in file) -subj arg - Use arg instead of request's subject -utf8 - input characters are UTF8 (default ASCII) -multivalue-rdn - enable support for multivalued RDNs -extensions .. - Extension section (override value in config file) -extfile file - Configuration file with X509v3 extensions to add -crlexts .. - CRL extension section (override value in config file) -engine e - use engine e, possibly a hardware device. -status serial - Shows certificate status given the serial number -updatedb - Updates db for expired certificates Could Not Find C:\*.old
有没有解决这个问题? (除了重新安装应用程序?)
我有一个理论,要求我事先运行一些先前的命令,但如果是这样,我不确定哪一个; 我不想意外地杀死我的服务器密钥(尽pipe可能我误解了每个命令的使用)。
easy-rsa脚本依赖于你以前应该在vars.batconfiguration和获取的一些环境variables。 假设它仍然包含正确的信息,那么只需在继续之前重新执行vars.bat 。
确保您以前制作的ca.crt,ca.key,01.pem,02.pem,03.pem和dh1024.pem文件位于Program Files \ OpenVPN \ easy-rsa \ keys文件夹中或具有副本。