Installing OpenVPN. Issues with generating CA CRL

Installing and Using OpenWrt
1

I've been using LEDE for a few months and I'm trying to set up and configure OpenVPN for my network.

I don't have much experience using this software, so I'm following this guide:

https://wiki.openwrt.org/doc/howto/openvpn-streamlined-server-setup

I'm attempting to generate the CA CRL using the following command:

**openssl ca -gencrl -keyfile ca/OpenWrt-CA.key.pem -cert ca/OpenWrt-CA.crt.pem -out crl/OpenWrt-CA.crl.pem -config ./openssl.cnf**

However, I'm receiving the following error:

**root@LEDE:/etc/ssl# openssl ca -gencrl -keyfile ca/OpenWrt-CA.key.pem -cert ca/OpenWrt-CA.crt.pem -out cr**
**l/OpenWrt-CA.crl.pem -config ./openssl.cnf**
**Using configuration from ./openssl.cnf**
**Enter pass phrase for ca/OpenWrt-CA.key.pem:**
**.\index: No such file or directory**
**unable to open '.\index'**
**3069584580:error:02001002:lib(2):func(1):reason(2):NA:0:fopen('.\index','r')**
**3069584580:error:20074002:lib(32):func(116):reason(2):NA:0:**

Which is strange because this file does exist, as shown in the following command:

**root@LEDE:/etc/ssl# ll ./index**
**-rwxrwxrwx    1 root     root             1 Apr 12 18:34 ./index**

Am I missing something? Is there another process that has this file open?

Thank you!

2

Your openssl.cnf is maybe written for windows, so it is looking for .\index, which is not ./index.

3

Oh wow, that does seem to be the problem!

Thanks, it looks like this issue repeats a few times in the .cnf file. Which is weird because the file is provided by the guide. I've provided a link to it below. I guess I'll just replace all of the backslashes with forward slashes in the file paths.

https://github.com/JW0914/Wikis/blob/master/Scripts%2BConfigs/OpenSSL/openssl.cnf

4

See Lines 3, 12 - 18...

  • Line 3:
               ##::[[---  Windows OpenSSL Config  ---]]::##
  • Lines 12 - 18
      # BSD/Linux/Mac users:

    # Replace all single/double backslashes with forward slashes. You may also wish to utilize lowercase only,
    # and if utilizing spaces in names, ensure utilization of proper break format, i.e. './Sophos\ UTM\ CA.crt'

    # Ensure EOLs are LF, not CRLF
      # Windows uses CRLF, UNIX utilizes LF