OpenVPN - stuck at generate CA

Hello,

I want to use the TO as VPN server and would like to use the gui to set it up. When I click the button for "generate CA"
I see the green bar indicating the TO started to generate CA but nothing really happens. I waited 10min and refreshed the site. The green bar was gone and I just can click again “generate CA” which again shows no progress when I check it later.

How can I check the genrate CA process is triggered?

It takes really long time (tens of minutes or even hour) to generate certificate on router. If you have little to no activity on router then it has low entropy end openssl generating certificates waits for entropy to raise again. This just takes long. Yes it’s not nice that it’s not reported any way in interface, but it should be generating. If you really want to be sure or if it takes hours and nothing happened then use ssh and try command pstree to see if there is some openssl process running. If not and you still don’t have ability to set certificates in Foris then you might discovered bug. In such case please follow: https://www.turris.cz/doc/en/howto/error_reporting.

1 Like