To All,

I've followed Raymond Mckay's EAP/TLS MPPE WinXP(SP1) HOWTO step-by-step on my RedHat Linux 8. Everything works great except on Chapter 6, where I have run into problems with "Certificate Generation": the CA.root script works but the CA.svr and CA.clt do not. Here are the errors below. As a new Linux user, I don't know what I need to do to make it work. Please help.

Raymond, I can that you have me and other linux users with your instructions. I would like to say "THANK YOU!".

David Tran

0) The machine is running Redhat Linux 8.0. This machine's hostname is resolved by the DNS server as "linux-radius.micronetsolution.com" to 172.16.1.2.
2) Unzip, untar and compile, and everything looks good. By the way, I use the same directory layout as described by you in the instructions. Looks good so far.
3) Modify the Makefile in src/modules/rlm_eap/types/rlm_eap_tls and type "make". Looks good.
3a) Modify the openssl.conf to suit my needs (basically, put in my email, location, etc.).
4) Certificate Generation. I copy CA.root, CA.svr and CA.clt from the instructions. I change the password from "whatever" to "test123".
5) When I run CA.root, it looks good.
6) When I run CA.svr and CA.clt, I am getting errors.

Here are the errors:

[root@linux-radius ssl]# pwd
/usr/local/openssl-certgen/ssl
[root@linux-radius ssl]# ls -l
total 64
-rwx------ 1 root root 1731 Nov 2 10:25 CA.clt
-rwx------ 1 root root 2208 Nov 2 10:25 CA.root
-rwx------ 1 root root 1674 Nov 2 10:25 CA.svr
drwxr-xr-x 2 root root 4096 Nov 1 15:11 certs
drwxr-xr-x 6 root root 4096 Nov 2 10:25 demoCA
drwxr-xr-x 2 root root 4096 Nov 1 15:11 lib
drwxr-xr-x 6 root root 4096 Nov 1 15:07 man
drwxr-xr-x 2 root root 4096 Nov 1 15:11 misc
-rw-r--r-- 1 root root 7665 Nov 2 10:22 openssl.cnf
-rw-r--r-- 1 root root 7521 Nov 2 07:48 openssl.cnf.orig
drwxr-xr-x 2 root root 4096 Nov 1 15:11 private
-rw-r--r-- 1 root root 986 Nov 2 10:25 root.der
-rw-r--r-- 1 root root 2005 Nov 2 10:25 root.p12
-rw-r--r-- 1 root root 2844 Nov 2 10:25 root.pem
[root@linux-radius ssl]# ls
CA.clt CA.root CA.svr certs demoCA lib man misc openssl.cnf openssl.cnf.orig private root.der root.p12 root.pem
[root@linux-radius ssl]# CA.root
*********************************************************************************
Creating self-signed private key and certificate
When prompted override the default value for the Common Name field
*********************************************************************************
Generating a 1024 bit RSA private key
......++++++
..........................................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Maryland]:
Locality Name (eg, city) [Beltsville]:
Organization Name (eg, company) [micronetsolution]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) [Micronetsolution Wireless Network]:
Email Address [[EMAIL PROTECTED]]:
*********************************************************************************
Creating a new CA hierarchy (used later by the ca command) with the certificate
and private key created in the last step
*********************************************************************************
*********************************************************************************
Creating ROOT CA
*********************************************************************************
MAC verified OK
[root@linux-radius ssl]# CA.svr linux-radius
*********************************************************************************
Creating server private key and certificate
When prompted enter the server name in the Common Name field.
*********************************************************************************
Generating a 1024 bit RSA private key
.................................................++++++
..............................................................................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Maryland]:
Locality Name (eg, city) [Beltsville]:
Organization Name (eg, company) [micronetsolution]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) [Micronetsolution Wireless Network]:linux-radius
Email Address [[EMAIL PROTECTED]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test123
An optional company name []:
Using configuration from /usr/local/openssl-certgen/ssl/openssl.cnf
ERROR: loading the config file 'xpextensions'
12609:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('xpextensions','rb')
12609:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
12609:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:
Error opening input file newcert.pem
newcert.pem: No such file or directory
Error opening input file linux-radius.p12
linux-radius.p12: No such file or directory
Error opening Certificate linux-radius.pem
12612:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('linux-radius.pem','r')
12612:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
[root@linux-radius ssl]# CA.clt tranda1
*********************************************************************************
Creating client private key and certificate
When prompted enter the client name in the Common Name field. This is the same
used as the Username in FreeRADIUS
*********************************************************************************
Generating a 1024 bit RSA private key
........................................++++++
...........++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Maryland]:
Locality Name (eg, city) [Beltsville]:
Organization Name (eg, company) [micronetsolution]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) [Micronetsolution Wireless Network]:tranda1
Email Address [[EMAIL PROTECTED]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test123
An optional company name []:
Using configuration from /usr/local/openssl-certgen/ssl/openssl.cnf
ERROR: loading the config file 'xpextensions'
12616:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('xpextensions','rb')
12616:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
12616:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:
Error opening input file newcert.pem
newcert.pem: No such file or directory
Error opening input file tranda1.p12
tranda1.p12: No such file or directory
Error opening Certificate tranda1.pem
12619:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('tranda1.pem','r')
12619:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
[root@linux-radius ssl]#
