Netgate Discussion Forum

    Build-key-pass in windows

    OpenVPN
    7 Posts 3 Posters 11.0k Views
    • R
      running
      last edited by

      Hello, I am trying to run the build-key-pass.bat in Windows. It is not in the easy-rsa folder and I have looked everywhere to get it. The only one there is build-key.bat

      It is not there in ovpn 2.1

      Can someone help me to create one please? ;D

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        This is not a pfSense-question.
        Please read in the OpenVPN documentation:
        http://openvpn.net/index.php/documentation/howto.html

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • R
          running
          last edited by

          I assure you I did! I have also looked everywhere on the web with no answer.

          Nobody is providing an answer on the OpenVPN sites since they usually run everything from BSD/Linux, and I figured that one of you experts could help!

          1 Reply Last reply Reply Quote 0
          • K
            kpa
            last edited by

            Copy the build-key.bat script to build-key-pass.bat and remove the -nodes option in the copy (-nodes instructs openssl not to encrypt the secret key).

            1 Reply Last reply Reply Quote 0
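To confirm that a key generated without -nodes really is passphrase-protected, the PEM headers OpenSSL writes can be inspected; the Python below is an added example, not part of the thread or of easy-rsa. The function names and sample key texts are constructed for illustration, and the sample bodies are placeholders rather than real keys.

```python
import re
from pathlib import Path

# Matches any PEM private-key block and captures its label and body.
_KEY_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----",
    re.DOTALL,
)

def key_encryption_status(pem_text):
    """Return 'encrypted', 'unencrypted' or 'no-key' for the text of a .key file."""
    match = _KEY_BLOCK.search(pem_text)
    if match is None:
        return "no-key"
    label, body = match.groups()
    # PKCS#8 form: the label itself says the key is encrypted.
    if label == "ENCRYPTED PRIVATE KEY":
        return "encrypted"
    # Traditional form (e.g. "RSA PRIVATE KEY"): an encrypted key carries a
    # "Proc-Type: 4,ENCRYPTED" header line before the base64 body.
    for line in body.splitlines():
        if line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            return "encrypted"
    return "unencrypted"

def audit_keys(key_dir):
    """Map every *.key file in key_dir to its encryption status."""
    return {
        path.name: key_encryption_status(path.read_text(errors="replace"))
        for path in sorted(Path(key_dir).glob("*.key"))
    }

# Constructed samples: header layout only, the bodies are placeholders.
SAMPLE_WITH_NODES = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "PLACEHOLDERBODYNOTAREALKEY\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_WITHOUT_NODES = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n"
    "\n"
    "PLACEHOLDERBODYNOTAREALKEY\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    print(key_encryption_status(SAMPLE_WITH_NODES))
    print(key_encryption_status(SAMPLE_WITHOUT_NODES))
```

Pointing audit_keys at the easy-rsa keys directory lists any client key that was written without a passphrase.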
            • R
              running
              last edited by

              Thank you KPA for the response, but it is not working :'(
              Here is what I get after I do it. I am able to generate a NON encrypted file without problem!

              Microsoft Windows XP [version 5.1.2600]
              (C) Copyright 1985-2001 Microsoft Corp.

              C:\Documents and Settings\admin>CD C:\Program Files\OpenVPN\easy-rsa

              C:\Program Files\OpenVPN\easy-rsa>build-key-pass.bat test1
              C:\Program Files\OpenVPN\easy-rsa
              req [options] <infile >outfile
              where options  are
              -inform arg    input format - DER or PEM
              -outform arg  output format - DER or PEM
              -in arg        input file
              -out arg      output file
              -text          text form of request
              -pubkey        output public key
              -noout        do not output REQ
              -verify        verify signature on REQ
              -modulus      RSA modulus
              -nodes        don't encrypt the output key
              -engine e      use engine e, possibly a hardware device
              -subject      output the request's subject
              -passin        private key password source
              -key file      use the private key contained in file
              -keyform arg  key file format
              -keyout arg    file to send the key to
              -rand file;file;…
                              load the file (or the files in the directory) into
                              the random number generator
              -newkey rsa:bits generate a new RSA key of 'bits' in size
              -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
              -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)
              -config file  request template file.
              -subj arg      set or modify request subject
              -new          new request.
              -batch        do not ask anything during request generation
              -x509          output a x509 structure instead of a cert. req.
              -days          number of days a certificate generated by -x509 is valid for.
              -set_serial    serial number to use for a certificate generated by -x509.
              -newhdr        output "NEW" in the header lines
              -asn1-kludge  Output the 'request' in a format that is wrong but some CA's
                              have been reported as requiring
              -extensions .. specify certificate extension section (override value in config
              file)
              -reqexts ..    specify request extension section (override value in config file
              )
              -utf8          input characters are UTF8 (default ASCII)
              -nameopt arg    - various certificate name options
              -reqopt arg    - various request text options

              unknown option -config
              usage: ca args

              -verbose        - Talk alot while doing things
              -config file    - A config file
              -name arg      - The particular CA definition to use
              -gencrl        - Generate a new CRL
              -crldays days  - Days is when the next CRL is due
              -crlhours hours - Hours is when the next CRL is due
              -startdate YYMMDDHHMMSSZ  - certificate validity notBefore
              -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)
              -days arg      - number of days to certify the certificate for
              -md arg        - md to use, one of md2, md5, sha or sha1
              -policy arg    - The CA 'policy' to support
              -keyfile arg    - private key file
              -keyform arg    - private key file format (PEM or ENGINE)
              -key arg        - key to decode the private key if it is encrypted
              -cert file      - The CA certificate
              -in file        - The input PEM encoded certificate request(s)
              -out file      - Where to put the output file(s)
              -outdir dir    - Where to put output certificates
              -infiles ….  - The last argument, requests to process
              -spkac file    - File contains DN and signed public key and challenge
              -ss_cert file  - File contains a self signed cert to sign
              -preserveDN    - Don't re-order the DN
              -noemailDN      - Don't add the EMAIL field into certificate' subject
              -batch          - Don't ask questions
              -msie_hack      - msie modifications to handle all those universal strings
              -revoke file    - Revoke a certificate (given in file)
              -subj arg      - Use arg instead of request's subject
              -extensions ..  - Extension section (override value in config file)
              -extfile file  - Configuration file with X509v3 extentions to add
              -crlexts ..    - CRL extension section (override value in config file)
              -engine e      - use engine e, possibly a hardware device.
              -status serial  - Shows certificate status given the serial number
              -updatedb      - Updates db for expired certificates
              Impossible to find C:*.old

              1 Reply Last reply Reply Quote 0
              • K
                kpa
                last edited by

                Remember to run vars.bat every time before generating any keys.

                1 Reply Last reply Reply Quote 0
                • R
                  running
                  last edited by

                  Thank you! ;D
                  Not so good with all that code…

                  It created 3 files test.crt
                  test.csr
                  test.key

                  All normal?

                  What is the csr for anyway?

                  I will try it later and let you know

                  Thank you very much

                  1 Reply Last reply Reply Quote 0
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.