unable to load CA private key

[deg0nz]

Hi,

i can't get the container running. It already fails at creating the CA. I followed the readme exactly.
Everytime i start the init_pki command, there's a problem with the private key. I already tried running all containers with sudo and changed the permissions of /etc/openvpn.

Here's my output:

Your newly created PKI dir is: /etc/openvpn/pki

Generating a 2048 bit RSA private key
........................................................................+++
.........................................................................................+++
writing new private key to '/etc/openvpn/pki/private/ca.key.XXXXFeKjoN'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt

Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

[Prime calc here]

DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem

Generating a 2048 bit RSA private key
.....................................+++
...............+++
writing new private key to '/etc/openvpn/pki/private/open.vpn.kayuk.de.key.XXXXmPBgAM'
-----
Using configuration from /usr/share/easy-rsa/openssl-1.0.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
unable to load CA private key
139697267367020:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
139697267367020:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:108:
139697267367020:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
139697267367020:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:

Easy-RSA error:

signing failed (openssl output above may have more detail)

Am I missing something?
I'm running Ubuntu 15.10.

Thanks in advance!

P.S. I can give you the output of docker run --volumes-from $OVPN_DATA -p 1194:1194/udp --privileged -e DEBUG=1 kylemanna/openvpn also if you need it, but since the CA already fails, I don't think it's needed here

[kylemanna]

Does you docker run line include the important -i flag to connect standard input so you can input a passphrase? Double check the README.

[tspicer]

########
UPDATE
########

The issue was not using the passphrase that was entered when setting up the CA. If that us used when setting up the user everything works as expected.

#######

I did not want to create a separate issue, but I just walked through the process and had the same error

docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full name nopass
Generating a 2048 bit RSA private key
..................................................+++
.................................................................+++
writing new private key to '/etc/openvpn/pki/private/name.key.XXXXffNmOn'
-----
Using configuration from /usr/share/easy-rsa/openssl-1.0.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
unable to load CA private key
140354826378348:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:534:
140354826378348:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:108:
140354826378348:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
140354826378348:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:

Easy-RSA error:

signing failed (openssl output above may have more detail)

[kylemanna]

@tspicer Did you have the opportunity to pass in the CA key's passphrase? Or did it blow past it?

[hkparker]

Same issue here, just wasn't clear to me at first I was decrypting something and needed the previously used passphrase, but working great once I figured it out.

[deg0nz]

Okay, I solved my issue, in the way that I deleted all the docker containers and images for openVPN, pulled the current docker image and set everything up from the start.

---> AND I used the same passphrase when creating the CA, as @tspicer mentioned.

Thanks for your help!

I'm closing this issue now.

[wyujie]

Hi, I solve it by inputting a correct password.