LinuxQuestions.org
Old 12-21-2008, 06:25 AM   #1
chillster
LQ Newbie
 
Registered: Dec 2008
Posts: 1

Rep: Reputation: 0
OpenVPN key generation


Hi,

I have a tricky problem and would appreciate any help I can get.

I have an OpenVPN structure based on PKI; I generate the certificates with the tools that come with OpenVPN (easy-rsa).
I have created a few client certs and a couple of server certs and everything works fine.

Now to the problem. When I tried to create a new client certificate today with the ./build-key <name> command, I get this:

Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.


This is what I would get if I was doing this the first time and creating a new root cert and so on. This is not what I want to do; if I create a new root cert I must recreate all my server and client certs, which would be a real pain.
What could cause this behavior? The only thing I could think of that has changed is that the CA is located on a virtual machine and I moved it to another folder on the VMware host.

My questions are: Have all settings been reset somehow? What caused this (so I can avoid it in the future)? And can I solve it somehow so I don't have to recreate all my certs?

Hope this is understandable, please ask if it's unclear.

If anyone has a solution for this or can point me in the right direction I would be very thankful!

Regards
Chillster
 
Old 12-22-2008, 07:21 PM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 488

Rep: Reputation: 78
I'm not familiar with OpenVPN (easy-rsa) regarding CA and keys, but I've seen problems with other distributions/versions that had relative paths in openssl configuration file(s): if you did not run the key-gen scripts in the correct directory, you'd encounter similar problems...

I made it a habit to set static path(s) in the appropriate config file(s) so that I could run the commands/scripts from anywhere and the correct files would be found. For example, an openssl.cnf will typically define dir = . but I'd modify it to be dir = /etc/pki/CA/ (or wherever).

Hope this helps.
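
The check rayfordj describes above, written out as an added example (not part of either post and not easy-rsa's own code): a POSIX shell function that lists every dir = entry in an OpenSSL-style config and flags the ones that are relative or that depend on an environment variable missing from the current shell. The function names, the sample config and DEMO_CA_DIR are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how each "dir = ..." entry of an
# OpenSSL-style config resolves, so a CA moved to a new folder is caught early.

# classify_dir VALUE -> prints absolute, relative, or env:NAME
# ($ENV::NAME is OpenSSL's environment lookup; the ${ENV::NAME} form is not parsed)
classify_dir() {
    case $1 in
        \$ENV::*) n=${1#\$ENV::}; echo "env:${n%%/*}" ;;
        /*)       echo absolute ;;
        *)        echo relative ;;
    esac
}

# check_ca_paths FILE -> status 0 only if every dir is absolute (or env) and exists
check_ca_paths() {
    rc=0
    # Take the value of each uncommented "dir = value" line.
    for v in $(sed -n 's/^[[:space:]]*dir[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p' "$1"); do
        kind=$(classify_dir "$v")
        case $kind in
            absolute) [ -d "$v" ] && echo "OK       $v" || { echo "MISSING  $v"; rc=1; } ;;
            relative) echo "RELATIVE $v (resolves under $(pwd))"; rc=1 ;;
            env:*)    var=${kind#env:}; d=$(printenv "$var" || true)
                      [ -d "$d" ] && echo "ENV      $v -> $d" ||
                          { echo "UNSET    $v ($var unset or not a directory)"; rc=1; } ;;
        esac
    done
    return $rc
}

# Constructed sample config; the paths and DEMO_CA_DIR are made up for the demo.
demo=$(mktemp -d)
mkdir "$demo/CA"
cat > "$demo/openssl.cnf" <<EOF
[ CA_rel ]
dir = .            # relative: depends on where the command is run
[ CA_abs ]
dir = $demo/CA     # absolute: same result from any directory
[ CA_env ]
dir = \$ENV::DEMO_CA_DIR
EOF
check_ca_paths "$demo/openssl.cnf" || echo "fix the entries flagged above"
```

Run it against the real config from the directory where the key scripts are normally started; any RELATIVE or UNSET line marks a path that changes with the working directory or the shell session.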
 
  

