Testing OpenCA is a never ending story :-) I use the following configuration ************************** * Debian Linux Sarge 3 * OpenCA 0.9.2.2 * Installtion like Dartmouth howto * LDAP,RA,CA,batch and scep is working fine **************************
Now i want to use Freeradius as EAP_TLS access server for Microsoft WLAN clients. If i use the freeradius \"CA.all\" script to generate root, server and client certs all work fine. But now i want to use certs from OpenCa to authenticate my clients. I copy my root cert, a vpn-server and a client cert, exported as PKCS#8 (Key and Cert) from OpenCA to the radius directory. But now i got the following output from radius at startup. ******************************* Module: Loaded eap eap: default_eap_type = \"md5\" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = \"Password: \" gtc: auth_type = \"PAP\" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = \"(null)\" tls: pem_file_type = yes tls: private_key_file = \"/usr/local/etc/raddb/sh/cert-srv.pem\" tls: certificate_file = \"/usr/local/etc/raddb/sh/cert-srv.pem\" tls: CA_file = \"/usr/local/etc/raddb/sh/root.pem\" tls: private_key_password = \"testtesttest\" tls: dh_file = \"/usr/local/etc/raddb/certs/dh\" tls: random_file = \"/usr/local/etc/raddb/certs/random\" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = \"(null)\" 10941:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: CERTIFICATE 10941:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm:evp_pbe.c:89:TYPE=pbeWithMD5AndDES-CBC 10941:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83: 10941:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:122: 10941:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:122: 10941:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709: rlm_eap_tls: Error reading private key file rlm_eap: Failed to initialize type tls radiusd.conf[9]: eap: Module instantiation failed. ******************************************** I think my certificates are wrong. Any ideas? Thanks www.mails.at - Der kostenlose E-Mail Anbieter ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
