Hi,

We are trying to build a FreeRADIUS server with EAP (for Wi-Fi purposes). Of course we have read the excellent how-to from Raymond McKay (thanks!), but FreeRADIUS refuses to start. It seems that there is something wrong with the certificate; here is the output:

eap: default_eap_type = "tls"
 eap: timer_expire = 60
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512

 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/1x/igloo.pem"
 tls: certificate_file = "/etc/1x/igloo.pem"
 tls: CA_file = "/etc/1x/root.pem"
 tls: private_key_password = "shared"
 tls: dh_file = "(null)"
 tls: random_file = "/etc/1x/random"
 tls: fragment_size = 1024
 tls: include_length = yes
78697:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:634:Expecting: CERTIFICATE
78697:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:438:
78697:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:423:
78697:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707:
rlm_eap_tls: Error reading private key file

I've tried to read pem_lib.c (line 634) but I understand NOTHING :(
Perhaps a problem with the key length (1024 vs 512)?
Of course, at this stage, FreeRADIUS is run by root and the files root.pem and igloo.pem exist...

Any ideas?

Nicolas
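
An added example, not part of the message above and not FreeRADIUS or OpenSSL code: a small parser that splits the OpenSSL error-queue lines from this output into their colon-separated fields (pid, code, library, function, reason, source file, line, extra data), so the reason strings can be read instead of pem_lib.c. The HINTS table is this example's own short summary of those reason strings.

```python
import re

# The error lines from the post; one entry is split across two lines, as mail
# wrapping does to long lines, so the parser has to rejoin it.
SAMPLE = """\
78697:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:634:Expecting: CERTIFICATE
78697:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:438:
78697:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:423:
78697:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_
file:PEM lib:ssl_rsa.c:707:
rlm_eap_tls: Error reading private key file
"""

ENTRY = re.compile(r"^\d+:error:[0-9A-Fa-f]{8}:")
FIELDS = ("pid", "tag", "code", "library", "function",
          "reason", "file", "line", "data")

# This example's own summaries of the reason strings seen above (not exhaustive).
HINTS = {
    "no start line": "no -----BEGIN <type>----- line of the expected type was found",
    "bad decrypt": "decryption failed its final check, e.g. wrong key passphrase",
    "PEM lib": "a PEM routine failed; the earlier entries carry the cause",
}

def parse_openssl_errors(text):
    """Return one dict per OpenSSL error-queue entry found in text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY.match(line):
            entries.append(line)
        elif entries and entries[-1].count(":") < 8:
            entries[-1] += line  # continuation of a wrapped entry
        # anything else (e.g. the rlm_eap_tls line) is not an OpenSSL entry
    parsed = []
    for entry in entries:
        parts = entry.split(":", 8)  # the data field may itself contain ':'
        parts += [""] * (len(FIELDS) - len(parts))  # pad a truncated entry
        rec = dict(zip(FIELDS, parts))
        rec["hint"] = HINTS.get(rec["reason"], "")
        parsed.append(rec)
    return parsed

if __name__ == "__main__":
    for e in parse_openssl_errors(SAMPLE):
        print(f'{e["function"]:28} {e["reason"]:14} {e["data"]}  # {e["hint"]}')
```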