Hi, I had generated certificates for EAP-TLS authentication. It worked fine in a linux setup but windows wouldn't play ball.
Somebody pointed out that the CA.* scripts in the ssl directory can generate windows compatible certs. I did that but when I try to use that I get the following error regarding the private key I use during the eap handshake at the supplicant end (taken from the logs of wpa_supplicant). ================================================== OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib OpenSSL: SSL_use_certificate_file (PEM) --> OK OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag OpenSSL: pending error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error OpenSSL: pending error: error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib OpenSSL: pending error: error:140CB00D:SSL routines:SSL_use_PrivateKey_file:ASN1 lib OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (PEM) failed error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm OpenSSL: pending error: error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error OpenSSL: pending error: error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error OpenSSL: pending error: error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib OpenSSL: pending error: error:140CB009:SSL routines:SSL_use_PrivateKey_file:PEM lib OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error OpenSSL: Failed to load private key TLS: Failed to load private key '/home/user/supplicant_testing/eap_authenticator_test/last_cert/newkey.pem' ================================================== I use wpa_supplicant (0.7.1) in the supplicant end. Can somebody plz give me some pointers on how to get over this problem. Is there any specific ssl command or openssl configuration at the supplicant end that I need to take care of... -- View this message in context: http://freeradius.1045715.n5.nabble.com/Openssl-Private-Key-error-tp4704998p4704998.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
