Are you sure your key and certificate files are PEM encoded? Based on
the errors, it looks like they might be DER encoded.
--Mike
Tom Tim wrote:
Hi,
i am a newbie at freeradius.
I have a working installtion of freeradius.
After i have created certs using the CA.all script i can start radius.
My Microsoft Wlan client can authenticate on the radius.
All works fine.
But now i will use Certs from my OpenCa installation to authenticate wlan
clients.
My OpenCA installtion works fine to.
But when i use this certificates i cant start radius. radius_start -A -X shows
folloing output
************************************
Module: Loaded eap
eap: default_eap_type = \"md5\"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = \"Password: \"
gtc: auth_type = \"PAP\"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = \"(null)\"
tls: pem_file_type = yes
tls: private_key_file = \"/usr/local/etc/raddb/sh/cert-srv.pem\"
tls: certificate_file = \"/usr/local/etc/raddb/sh/cert-srv.pem\"
tls: CA_file = \"/usr/local/etc/raddb/sh/root.pem\"
tls: private_key_password = \"testtesttest\"
tls: dh_file = \"/usr/local/etc/raddb/certs/dh\"
tls: random_file = \"/usr/local/etc/raddb/certs/random\"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = \"(null)\"
10941:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:637:Expecting: CERTIFICATE
10941:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe
algorithm:evp_pbe.c:89:TYPE=pbeWithMD5AndDES-CBC
10941:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit
error:p12_decr.c:83:
10941:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt
error:p12_decr.c:122:
10941:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:122:
10941:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib:ssl_rsa.c:709:
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.
*******************************************
Here you can see the working cert
********************************************
Bag Attributes
localKeyID: 0C BA ED 0A 7B E9 67 CD E7 0A 08 39 DB 9D 99 34 0A C6 2B A4
subject=/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=Root certificate/[EMAIL PROTECTED]
issuer=/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=Client
certificate/[EMAIL PROTECTED]
-----BEGIN CERTIFICATE-----
MIICyTCCAjKgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCQ0Ex
ETAPBgNVBAgTCFByb3ZpbmNlMRIwEAYDVQQHEwlTb21lIENpdHkxFTATBgNVBAoT
DE9yZ2FuaXphdGlvbjESMBAGA1UECxMJbG9jYWxob3N0MRswGQYDVQQDExJDbGll
bnQgY2VydGlmaWNhdGUxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFtcGxlLmNv
bTAeFw0wNDAxMjUxMzI2MTBaFw0wNTAxMjQxMzI2MTBaMIGbMQswCQYDVQQGEwJD
QTERMA8GA1UECBMIUHJvdmluY2UxEjAQBgNVBAcTCVNvbWUgQ2l0eTEVMBMGA1UE
ChMMT3JnYW5pemF0aW9uMRIwEAYDVQQLEwlsb2NhbGhvc3QxGTAXBgNVBAMTEFJv
b3QgY2VydGlmaWNhdGUxHzAdBgkqhkiG9w0BCQEWEHJvb3RAZXhhbXBsZS5jb20w
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANrFJUIr/tsIJimiy6RLNEnJDQq0
YvtyyENKeCCYhj1+t9fnACjCt61VWlHMdWz0+h1wkWFatFDVKJVTrmYWr/AUpVCF
1rj7Su6YY45CYXXN02xmXGPNoXfTSSDrMFhe3IdzmZwpgPga1GOLu+ocgtBUAj23
7ySj7Bw/YkGpA9fzAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG
SIb3DQEBBAUAA4GBAHotkhsc8TvymCqReOye3m2I7cF4oui9QKCgb7bwdplXiEzX
CEU3CDSW/RhBZSk/WDyOgkDraOBCyUsVdS5MB+gNCXea+j3VXCT6VKwpLXcgXRwk
d+0w1Z9Xyvm9If8qjRbMCRHFDk8pV2P8tg76PD0tDkOFD25vvihJAvboNQNl
-----END CERTIFICATE-----
Bag Attributes
localKeyID: 0C BA ED 0A 7B E9 67 CD E7 0A 08 39 DB 9D 99 34 0A C6 2B A4
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,45A3F7FFC07A6C8D
h2Hg0jIRPlwoC0CyYxdPB/+paKyJsW5RGYH4ZG0cooZUdzcc36E68MxN6rXxw8Qr
M14ZKr3VBgbpQD3k6SdvIYxeBK1O7V4A1NCaPl9qS4tQpHuCkwjelb+PouOC4C+5
dspfsKri9jMrX1pmzf1vWq7DSRgSisBzcdXkp2AkkLmpAtwhD+JD4gPNVoHUP0r3
TeM6/A8twoyi73off1pUKVTE1rFzuAl0mG5+VnLy6uHUemkpVr3nZMuVQoSp7zer
gaZvYJ5/yfjJdFMiyW0d9ZotHJ9/yfQzUwS/1M/ufrjr2cfQTn5VeOOvW+6hKqmV
sO0sXLPINnLleTr3bvJX6WrIMtl6I8RqzFmbn/uY1wEpVKugymdauqwmNvNCBQ+u
W0kNlQZffmE5YcH9QKKynrTB8QXa/RUhFKmqcK9ZdzI9t8cVrIGl1bogFZ72SDd8
/Cw8fUWh+UMoRwrrOI/g/ZYKeq6UbUVTzEs7RNuPJ1LqiT+RG6HNzUfIsvo+8tTL
nw8bpKa2uG2pGyzGNT9R3iT29xqwrZNond4mWh+xlzSqhmznaentexQGPqJJ4tAx
dd+jt0zCDMPH7UjWcAcobEaZQzZ4JMGURctQUnbFt1YynFUtiD8Rxvw30Yi1xrw7
qNnFdCskuqOPxzqvM/wJG2A04+qvYegA2aO/4CGLTiDE2EPQ4OgRYCf0frSLTDQa
eUMfqVPBhiB8h82YI1Q41GwEP7Fuo+E5LLCTNEYREgb/kxfRwxECrtIzp2q27Qwr
Mglxw0layFcCNePypRz4Nuwhl1o1kXICp6dtHb2TTeuEorKdOG6PeA==
-----END RSA PRIVATE KEY-----
******************************+
And here the OpenCA cert not working
*******************************
-----BEGIN CERTIFICATE-----
MIIFhzCCA2+gAwIBAgIBFDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJERTEP
MA0GA1UEChMGQmludGVjMQ0wCwYDVQQDEwRyb290MR0wGwYJKoZIhvcNAQkBFg5y
b290QGxvY2FsaG9zdDAeFw0wNTA1MTcwNzI3NDRaFw0wNzAyMjYwNzI3NDRaMEMx
CzAJBgNVBAYTAkRFMQ8wDQYDVQQKEwZCaW50ZWMxETAPBgNVBAsTCEludGVybmV0
MRAwDgYDVQQDEwd3bGFuc3J2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3
GSZpO/tjklslwv1PibcZLGtm9iHmunD9Q6eseEV/1w9bENXd9ocRx984kM6J4V/1
Pg3BJWVlKJjM6VzYdAund7mt7oSlzkFtrUJsZm90oAMTQL6XtGuuLulRxKUNzWyN
afIT+1WmXE2d9PIPsd9bhpbnbpdY+nP/HoJM9d5qHwIDAQABo4IB/zCCAfswCQYD
VR0TBAIwADA4BgNVHSAEMTAvMC0GBCoDAwQwJTAjBggrBgEFBQcCARYXaHR0cDov
L3NvbWUudXJsLm9yZy9jcHMwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF
4DAjBglghkgBhvhCAQ0EFhYUVlBOIFNlcnZlciBvZiBCaW50ZWMwHQYDVR0OBBYE
FE3RXLKs3MJcc3y+aAt0oAmfRMXtMHwGA1UdIwR1MHOAFMYOl7Qk6KtOa+KHgXT3
da1FBwq0oVCkTjBMMQswCQYDVQQGEwJERTEPMA0GA1UEChMGQmludGVjMQ0wCwYD
VQQDEwRyb290MR0wGwYJKoZIhvcNAQkBFg5yb290QGxvY2FsaG9zdIIJAJJdwdUP
dx5YMBwGA1UdEQQVMBOBEXdsYW5zcnZAbG9jYWxob3N0MBkGA1UdEgQSMBCBDnJv
b3RAbG9jYWxob3N0MDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vbG9jYWxob3N0L3B1
Yi9jcmwvY2FjcmwuY3JsMDEGCWCGSAGG+EIBAwQkFiJodHRwOi8vbG9jYWxob3N0
L3B1Yi9jcmwvY2FjcmwuY3JsMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9sb2Nh
bGhvc3QvcHViL2NybC9jYWNybC5jcmwwDQYJKoZIhvcNAQEFBQADggIBAA6QBZu/
A8nBp5NFuoLdcj2oHIV3DhxLOQywrFif6DQtRTECJg1gn81TKl7N7Ao9YexQTEPf
HobAMZ6ItMLBbGQOifTucKWN7K8EQP2fjdJ2s0S1wgRuX3Q/Ncm3OlepnJ0E++UE
i4wcX25VAPuAONrouhiIMd0evPYyr6Akw2vO5bUEv7UaEx9Wcjq5QSVGWrthdt6Y
cH0Mtlld2wTegYpkyjblHTW39bAunZ5AkvArb2kaR+3CUPa6bL9hGwDooS26+dHG
V3aK5tGwHSt2Z8VdU9QkYrGFODVtcO+htXgb8vaVp++2ISf6hB8KF17HEuHn0ZLZ
sA5QxGIpAHEGAWz2IHunM/B/seAFMnINFiMO01dS6ZEZIv2Bm8Hk7H8jWL5Oyxt9
MSP/gZV87ScXnk8jzz2WXT+ij/Sk/wT3Gi0h2PgHlf75UnxhjmVjqwvMTyeX7Mak
dSgpyqzAUWHNPZ54M0aWOwX5vaSOmKQUNLFOAXDl1UYd+1xxu6EdZOYaNX6slI2y
DXo4SwUGB09SuZoTGPKGGYIi/ZLVFgm24ISrrkMmYtOZMGpVNhZDPoNhJcNgtjR9
utGIOlUuS4mfrbOdPysbJsjPVkq9yPNG/7lYh9B7KKjFuUK//8LPRgNIwEMdTogb
xv+GB+tKeOjwoMBN3dVhQFF59ed9laaFfsVJ
----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICoTAbBgkqhkiG9w0BBQMwDgQIt0V4xGmMRNECAggABIICgBvprRFUKE+XavI8
0jaUi2WaY16WTW45/9AHjUaOtM8q71OlSZPnZRxo9p9xXTTRoWxYyUp8tEjffDTX
hgj4aZE+CaGlr5p+pArBHnwJvBFrXf8MQ41Zxe6c45ndT1j0Yc1amqhq1vg4THmB
J9+Vil4lio61xXcbsmzrgZ4YgpqdjcOfbcKPBSt9BF+ur47FfgCEIV9mg2NzRE8T
AhUg1IdeTxX9AaDybW5f0a9KyK0rtBGaaSIyp9weCCfG+YI+yw87bJrcSThCfEmb
3ug27pNU9uXirK2LXvxnnYx3E8Tl67vCh2Rg3lE0/vpESGvUbEqH6HzeGrgy5ujV
2yvFt9W/MovG+Gnzf0u9AzzC4KEGJEnsAbK0IioUF80iZOdf/327N8qkxN4z8R0J
AAIxGk+/NXYZ2cMRV/fNmhJU1wdjsAHJWXl//XRG0IZuKHsk+dtrHdLAoHJyu3L2
PGn9jX9Ds0olppv8+itxbFh+r1TEGPgzYTODsAW8JOF2l66gbCW8qYNgjRtq2Ou0
qX9+SzpPYskLquSJC3je0PvbhuBtS7G2p3r7DEilFbMlm9wTtJ73V8q3rk2L5zqI
C3R21tzq2Z9+g8aGAGZZnlnapkBobKooVgwEpp3iWi8f8Nlyr/Q0m7O1S6QbcX2j
bpZp6fvejG6Mu0CNnx26muSOFbdJPeTKc6BDN/FipR8Gri+C+Vx7BSFYgtUm2zmQ
i11RgBjwZZju4d0NV2hGObjI8CYqVXoP11UjUGh6gwfJJz3hcXv6I9vP46B4bENo
8ofxjN3hlE04H0ak+EXHGSIILVfGNJS0aYbC02rSoRyApcBtr/L0hWD5AWEI2d+Z
AUnYXSg=
-----END ENCRYPTED PRIVATE KEY-----
***********************************
The file is not corrupted, i tested it!
Hope anyone has an idea
Thanks
tim
www.mails.at - Der kostenlose E-Mail Anbieter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
