Yes, Before I tried for the second time to make self signed certs - I did use the command prompt command in the CA doc to delete everything *.pem. *.der, etc.
>edit ca.cnf, server.cnf and client.cnf to ensure that >everything matches and expects the same organisation etc... >then you can re-run the bootstrap and it'll be fine I thought you only needed to edit the ca.cnf if you needed to make self signed root certs for EAP-PEAP clients. I did not see any note that said you needed to make the same edits to the server.cnf and client.cnf's ?? Any way, If that is required I will give a go. Just so I am sure "what has to be changed" in the *.cnf's for this to work - please confirm by looking at what I intend to edit = * [ req ] prompt = no distinguished_name = certificate_authority default_bits = 2048 * input_password = whatever * output_password = whatever x509_extensions = v3_ca [certificate_authority] * countryName = FR * stateOrProvinceName = Radius * localityName = Somewhere * organizationName = Example Inc. * emailAddress = [email protected] * commonName = "Example Certificate Authority" Steven -----Original Message----- From: Alan Buxey <[email protected]> Subject: Re: Self Signed Certs Fail - pem/der Hi, > For some unknown reason my self certs failed to work in either client. > After trying this twice and have both attempts fail I regenerated the > original CA’s for “example” using ./bootstrap, the old CA.cnf file - they > both worked for my clients (Linux/WinXP) you need to ensure all the old stuff is gone.. cd $place/raddb/certs make clean make destroycerts edit ca.cnf, server.cnf and client.cnf to ensure that everything matches and expects the same organisation etc then you can re-run the bootstrap and it'll be fine (or should be!) PS this is for a modern version - eg 2.1.6 alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Steven Sprague <[email protected]> -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
