key and cert building for vpns

I have successfully added a vpn on a droplet. It worked although there may be some leakage (separate issue). I initially set this up to work on a laptop. I want to create the keys etc to work on an Android device so in my console I ran the following :

root@droplet:/etc/openvpn/easy-rsa# ./build-key android

Instead of being asked the questions concerning attributes etc - I got:

’ Please edit the vars script to reflect your configuration, then source it with “source ./vars”. Next, to start with a fresh PKI configuration and to delete any previous certificates and keys, run “./clean-all”. etc’

If I check the directory /etc/openvpn/easy-rsa/keys there are no files relating to the new certificates.

I’m assuming the top command won’t delete any of the files the server needs? What am I doing wrong?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

OK, so solved this.

One needs to REinitialise the PKI:

change directories to:

cd /etc/openvpn/easy-rsa

THEN re-initialize the PKI (Public Key Infrastructure). Pay attention to the dot (.) and space in front of ./vars command. That signifies the current working directory (source).

. ./vars

Follow the rest of the instructions and it creates the new profile keys and certificates.