5

I can't connect to my Easy-RSA VPN server. I can connect using SSH; in the logfiles I read "error=CRL has expired". So, according to instructions found using Google I should run 

./easyrsa gen-crl

Which gives the error: 

 Easy-RSA error:

 Missing expected CA file: ca.crt (perhaps you need to run build-ca?)
 Run easyrsa without commands for usage and command help.

The ca.crt file is located in /etc/openvpn/ca.crt. Where should I put it so I can run the gen-crl command succesfully.

Lennart
  • 185
  • 2
  • 4
  • Usually easy-rsa stores its certificates (including CA) in its own directory/keys. If you have the default openvpn/easy-rsa combo often in `/etc/openvpn/easy-rsa/{1.0,2.0,3.0,...}/keys/ca.crt`. But this information should all be stored in your easy-rsa config files. – Lenniey Jan 14 '19 at 10:41

1 Answers1

6

Your ca.crt should reside in ./pki and ca.key in ./pki/private relative to easyrsa script so you should copy or symlink these two files into these directories.

patok
  • 692
  • 1
  • 5
  • 15