Hello,

I'm trying to set up freeradius to use EAP-TLS, using the CA.all script included with 
the distribution to generate the necessary server and client certificates. I'm using 
the CVS snapshot from 11/20/2003, with openssl 0.9.7c. openssl is installed in 
/usr/local/ssl, and I'm running the script from the /usr/local/ssl/certs directory.

Here's the output I get at the end at the step where the server cert is generated:

Certificate is to be certified until Nov 24 00:42:41 2004 GMT (365 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts 
-pa
ssin pass:whatever -passout pass:whatever
No certificate matches private key
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout 
pass:w
hatever
23242:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too 
long:asn1_lib.c:14
0:
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
unable to load certificate
23243:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: 
TRU
STED CERTIFICATE
+ echo -e '\n\t\t##################\n'

                ##################

And here is the state of the certs directory:

-rwxr-xr-x    1 root     staff        3119 Nov 21 17:52 CA.all
-rw-r--r--    1 root     staff        9304 Nov 24 19:43 CA_output
-rw-r--r--    1 root     staff         689 Nov 24 19:42 cert-clt.der
-rw-r--r--    1 root     staff        1709 Nov 24 19:42 cert-clt.p12
-rw-r--r--    1 root     staff        2389 Nov 24 19:42 cert-clt.pem
-rw-r--r--    1 root     staff           0 Nov 24 19:42 cert-srv.p12
-rw-r--r--    1 root     staff           0 Nov 24 19:42 cert-srv.pem
drwxr-sr-x    6 root     staff        4096 Nov 24 19:42 demoCA
-rw-r--r--    1 root     staff           0 Nov 24 19:42 newcert.pem
-rw-r--r--    1 root     staff        1667 Nov 24 19:42 newreq.pem
-rw-r--r--    1 root     staff         906 Nov 24 19:42 root.der
-rw-r--r--    1 root     staff        1925 Nov 24 19:42 root.p12
-rw-r--r--    1 root     staff        2681 Nov 24 19:42 root.pem
-rw-r--r--    1 root     staff         148 Nov 21 18:29 xpextensions

Can someone take a look at this and possible tell me if I'm doing anything wrong? I 
scripted the entre output of CA.all, so I can send as an attachment if requested.

Thanks,

-Chris

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to