Hi Tom/Tim
I copy my root cert, a vpn-server and a client cert, exported as PKCS#8 (Key and Cert) from OpenCA to the radius directory.
tls: pem_file_type = yes tls: private_key_file = \"/usr/local/etc/raddb/sh/cert-srv.pem\" tls: certificate_file = \"/usr/local/etc/raddb/sh/cert-srv.pem\"
10941:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: CERTIFICATE 10941:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm:evp_pbe.c:89:TYPE=pbeWithMD5AndDES-CBC 10941:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83: 10941:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:122: 10941:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:122: 10941:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:
Are you surte that your certificate-files are PEM encoded ?So have a look at it - it should be a text-file starting with "-----BEGIN CERTIFICATE-----"
If so, try to open it with OpenSSL to verify that it is not corrupted openssl x509 -in cert.pem -text If the file is not in PEM Form, you can convert it using: openssl x509 -in cert.pem -inform der -out newcert.pem Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
