Hi,
We are trying to build a freeradius server with EAP
(for WIFI purpose). Of course we have read the excellent how-to from Raymond
McKay (thanks !) but FreeRadius refuse to start, it seems that there is
something wrong with the certificate, here are the output:
eap:
default_eap_type = "tls"
eap: timer_expire = 60
tls:
rsa_key_exchange = no
tls: dh_key_exchange = yes
tls:
rsa_key_length = 512
tls: dh_key_length = 512
tls:
verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type =
yes
tls: private_key_file = "/etc/1x/igloo.pem"
tls:
certificate_file = "/etc/1x/igloo.pem"
tls: CA_file =
"/etc/1x/root.pem"
tls: private_key_password = "shared"
tls:
dh_file = "(null)"
tls: random_file = "/etc/1x/random"
tls:
fragment_size = 1024
tls: include_length = yes
78697:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:634:Expecting: CERTIFICATE
78697:error:06065064:digital
envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:438:
78697:error:0906A065:PEM routines:PEM_do_header:bad
decrypt:pem_lib.c:423:
78697:error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM
lib:ssl_rsa.c:707:
rlm_eap_tls: Error reading private key
file
I'va tryed to read pem_lib.c (line 634) but I understand NOTHING
:(
Perhaps a problem with the key length (1024 vs 512) ?
Of course, at
this stage, Freeradius is runned by root and the files root.pem and igloo.pem
exists ...
Some Idea ?
Nicolas
- Radius Attributes Jander Sunstar
- RE: Radius Attributes Tim McCracken
- Re: Radius Attributes Alan DeKok
- Pubs
