"Patrick Mowry" <[EMAIL PROTECTED]> wrote:
> openssl genrsa -out privkey.pem 2048
> openssl req -new -key privkey.pem -outform PKCS#10 -out cert.csr
>
> and copy/pasted the contents of cert.csr into the PKCS # 10 Request
> field on the web site request form. what I received back was a text
> file that began:
...
The certificate looks reasonable to me. All I can suggest is trying
to figure out what's different between it and the normal demo certs.
> I also grabbed the CA Certificate Chain also in Base 64
> encoded format. How do I put these in a format FreeRadius
> can use? I assume I have to run the binary output from
> base64 through openssl to convert it to .pem format,
Why?
[EMAIL PROTECTED] cert]$ more cert-srv.pem
Bag Attributes
localKeyID: 39 CC 89 34 5F A6 C3 36 F3 22 D8 2E 52 F6 97 05 50 CF 28 6A
subject=/C=CA/ST=Ontario/L=Ottawa/O=Test Suff/CN=radiusd/[EMAIL PROTECTED]
issuer=/C=CA/ST=Ontario/L=Ottawa/O=Test Suff/CN=root/[EMAIL PROTECTED]
-----BEGIN CERTIFICATE-----
MIICjzCCAfigAwIBAgIBAjANBgkqhkiG9w0BAQQFADB/MQswCQYDVQQGEwJDQTEQ
...
> FreeRadius runs fine if I use the sample certificates available on
> the web. I asked on the openssl-users list with no response. So
> that's why I'm posting here.
It's really more of an openssl question, unfortunately.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
