key and cert building for vpns

Posted February 7, 2016 5.4k views

I have successfully added a vpn on a droplet. It worked although there may be some leakage (separate issue). I initially set this up to work on a laptop. I want to create the keys etc to work on an Android device so in my console I ran the following :

root@droplet:/etc/openvpn/easy-rsa# ./build-key android

Instead of being asked the questions concerning attributes etc - I got:

’ Please edit the vars script to reflect your configuration,
then source it with “source ./vars”.
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run “./clean-all”. etc’

If I check the directory /etc/openvpn/easy-rsa/keys there are no files relating to the new certificates.

I’m assuming the top command won’t delete any of the files the server needs? What am I doing wrong?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

OK, so solved this.

One needs to REinitialise the PKI:

change directories to:

cd /etc/openvpn/easy-rsa

THEN re-initialize the PKI (Public Key Infrastructure). Pay attention to the dot (.) and space in front of ./vars command. That signifies the current working directory (source).

. ./vars

Follow the rest of the instructions and it creates the new profile keys and certificates.