Hi, all:
I am new to the freeradius world. I am trying to set up EAP-TLS using the freeradius server. Would you please tell me which Cisco access point is preferred for the EAP-TLS setup?
I have installed openssl-0.9.8 and freeradius-1.0.5 on Redhat 9.0. I tried several times to generate certificates by running the CA.all script, which was downloaded from www.missl.cs.umd.edu/wireless/eaptls. But each time I met the same issue and failed to generate the certificates. I just typed "./CA.all" to run the script; are there any optional parameters I need to input? (I did not update the file /usr/local/openssl/ssl/openssl.cnf and CA.all)
The following is part of the error log:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:whatever
An optional company name []:radius
Using configuration from /usr/local/openssl/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: (I entered "whatever" for the pass phrase, right? I don't know what the pass phrase is.)
./demoCA/serial: No such file or directory (I think this file ./demoCA/serial will be created automatically when running CA.all, right?)
error while loading serial number
4427:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('./demoCA/serial','r')
4427:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
No certificate matches private key
4429:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
4430:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
Enclosed is the complete log of running the script CA.all. I am not clear on the root cause. Your help is very much appreciated. It would be best if you could provide me with a successful log of running CA.all. I don't know which information I should input when running CA.all.
Thanks a lot
ann
run ./CA.all
##################
create private key
name : name-root
CA.pl -newcert
##################
Generating a 1024 bit RSA private key
...........++++++
..................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OpenTide
Organizational Unit Name (eg, section) []:IT Solution
Common Name (eg, YOUR name) []:wanghao
Email Address []:[EMAIL PROTECTED]
##################
create CA
use just created 'newreq.pem' private key as filename
CA.pl -newca
##################
CA certificate filename (or enter to create)
##################
exporting ROOT CA
CA.pl -newreq
CA.pl -signreq
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem
-out root.pem
openssl pkcs12 -in root.cer -out root.pem
##################
MAC verified OK
##################
creating client certificate
name : name-clt
client certificate stored as cert-clt.pem
CA.pl -newreq
CA.pl -signreq
##################
Generating a 1024 bit RSA private key
..................++++++
..........................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OpenTide
Organizational Unit Name (eg, section) []:IT Solution
Common Name (eg, YOUR name) []:wanghao
Email Address []:[EMAIL PROTECTED]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:whatever
An optional company name []:radius
Using configuration from /usr/local/openssl/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
./demoCA/serial: No such file or directory
error while loading serial number
4427:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('./demoCA/serial','r')
4427:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
No certificate matches private key
4429:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
4430:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
##################
creating server certificate
name : name-srv
server certificate stored as cert-srv.pem
CA.pl -newreq
CA.pl -signreq
##################
Generating a 1024 bit RSA private key
..............................++++++
..........++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

