Build-key-pass in Windows



  • Hello, I am trying to run the build-key-pass.bat in Windows. It is not in the easy-rsa folder and I have looked everywhere to get it. The only one there is build-key.bat.

    It is not there in ovpn 2.1

    Can someone help me to create one please? ;D



  • This is not a pfSense-question.
    Please read in the OpenVPN documentation:
    http://openvpn.net/index.php/documentation/howto.html



  • I assure you I did! I have also looked everywhere on the web with no answer.

    Nobody is providing an answer on the Ovpn sites since they usually run everything from BSD/Linux, and I figured that one of you experts could help!



  • Copy the build-key.bat script to build-key-pass.bat and remove the -nodes option in the copy (-nodes instructs openssl not to encrypt the secret key).



  • Thank you KPA for the response, but it is not working :'(
    Here is what I get after I do it. I am able to generate a NON encrypted file without problem!

    Microsoft Windows XP [version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\admin>CD C:\Program Files\OpenVPN\easy-rsa

    C:\Program Files\OpenVPN\easy-rsa>build-key-pass.bat test1
    C:\Program Files\OpenVPN\easy-rsa
    req [options] <infile >outfile
    where options  are
    -inform arg    input format - DER or PEM
    -outform arg  output format - DER or PEM
    -in arg        input file
    -out arg      output file
    -text          text form of request
    -pubkey        output public key
    -noout        do not output REQ
    -verify        verify signature on REQ
    -modulus      RSA modulus
    -nodes        don't encrypt the output key
    -engine e      use engine e, possibly a hardware device
    -subject      output the request's subject
    -passin        private key password source
    -key file      use the private key contained in file
    -keyform arg  key file format
    -keyout arg    file to send the key to
    -rand file;file;…
                    load the file (or the files in the directory) into
                    the random number generator
    -newkey rsa:bits generate a new RSA key of 'bits' in size
    -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
    -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)
    -config file  request template file.
    -subj arg      set or modify request subject
    -new          new request.
    -batch        do not ask anything during request generation
    -x509          output a x509 structure instead of a cert. req.
    -days          number of days a certificate generated by -x509 is valid for.
    -set_serial    serial number to use for a certificate generated by -x509.
    -newhdr        output "NEW" in the header lines
    -asn1-kludge  Output the 'request' in a format that is wrong but some CA's
                    have been reported as requiring
    -extensions .. specify certificate extension section (override value in config
    file)
    -reqexts ..    specify request extension section (override value in config file
    )
    -utf8          input characters are UTF8 (default ASCII)
    -nameopt arg    - various certificate name options
    -reqopt arg    - various request text options

    unknown option -config
    usage: ca args

    -verbose        - Talk alot while doing things
    -config file    - A config file
    -name arg      - The particular CA definition to use
    -gencrl        - Generate a new CRL
    -crldays days  - Days is when the next CRL is due
    -crlhours hours - Hours is when the next CRL is due
    -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
    -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
    -days arg      - number of days to certify the certificate for
    -md arg        - md to use, one of md2, md5, sha or sha1
    -policy arg    - The CA 'policy' to support
    -keyfile arg    - private key file
    -keyform arg    - private key file format (PEM or ENGINE)
    -key arg        - key to decode the private key if it is encrypted
    -cert file      - The CA certificate
    -in file        - The input PEM encoded certificate request(s)
    -out file      - Where to put the output file(s)
    -outdir dir    - Where to put output certificates
    -infiles ….  - The last argument, requests to process
    -spkac file    - File contains DN and signed public key and challenge
    -ss_cert file  - File contains a self signed cert to sign
    -preserveDN    - Don't re-order the DN
    -noemailDN      - Don't add the EMAIL field into certificate' subject
    -batch          - Don't ask questions
    -msie_hack      - msie modifications to handle all those universal strings
    -revoke file    - Revoke a certificate (given in file)
    -subj arg      - Use arg instead of request's subject
    -extensions ..  - Extension section (override value in config file)
    -extfile file  - Configuration file with X509v3 extentions to add
    -crlexts ..    - CRL extension section (override value in config file)
    -engine e      - use engine e, possibly a hardware device.
    -status serial  - Shows certificate status given the serial number
    -updatedb      - Updates db for expired certificates
    Impossible to find C:*.old



  • Remember to run vars.bat every time before generating any keys.
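
The two answers above (drop -nodes, run vars.bat first) combined into one script, as an added example that is not part of the thread or of the OpenVPN distribution. It assumes vars.bat sets HOME, KEY_DIR and KEY_CONFIG and that the stock build-key.bat consists of the `openssl req` / `openssl ca` pair shown here; compare it with your own copy before using it.

```batch
@echo off
rem build-key-pass.bat (added example): build-key.bat without -nodes,
rem so openssl prompts for a pass phrase and encrypts the private key.
rem Assumption: vars.bat defines HOME, KEY_DIR and KEY_CONFIG.

if "%~1"=="" (
    echo Usage: build-key-pass.bat ^<name^>
    exit /b 1
)

rem Guard: if vars.bat was not run in this window these are empty,
rem -config gets no argument and openssl only prints its usage text.
if not defined HOME goto novars
if not defined KEY_DIR goto novars
if not defined KEY_CONFIG goto novars

cd /d "%HOME%"

rem Create the private key and the certificate signing request (.csr).
rem No -nodes: openssl asks for a PEM pass phrase for the .key file.
openssl req -days 3650 -new -keyout "%KEY_DIR%\%~1.key" -out "%KEY_DIR%\%~1.csr" -config "%KEY_CONFIG%"
if errorlevel 1 exit /b 1

rem Sign the request with the CA, producing the certificate (.crt).
openssl ca -days 3650 -out "%KEY_DIR%\%~1.crt" -in "%KEY_DIR%\%~1.csr" -config "%KEY_CONFIG%"
if errorlevel 1 exit /b 1

rem Remove the .old index files that openssl ca leaves behind.
del /q "%KEY_DIR%\*.old" 2>nul

rem Check: an encrypted PEM key has "ENCRYPTED" in its header lines.
findstr /c:"ENCRYPTED" "%KEY_DIR%\%~1.key" >nul
if errorlevel 1 (
    echo WARNING: %KEY_DIR%\%~1.key is NOT pass phrase protected.
    exit /b 1
)
echo %KEY_DIR%\%~1.key is pass phrase protected.
exit /b 0

:novars
echo Run vars.bat in this window first: HOME, KEY_DIR or KEY_CONFIG is not set.
exit /b 1
```
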



  • Thank you! ;D
    Not so good with all that code…

    It created 3 files: test.crt, test.csr, test.key

    All normal?

    What is the csr for anyway?

    I will try it later and let you know

    Thank you very much

