> Hi Tom/Tim > > > I copy my root cert, a vpn-server and a client cert, exported as PKCS#8 > > (Key and Cert) from OpenCA to the radius directory. > > > tls: pem_file_type = yes > > tls: private_key_file = > > \\\\\\\"/usr/local/etc/raddb/sh/cert-srv.pem\\\\\\\" > > tls: certificate_file = > > \\\\\\\"/usr/local/etc/raddb/sh/cert-srv.pem\\\\\\\" > > > 10941:error:0906D06C:PEM routines:PEM_read_bio:no start > > line:pem_lib.c:637:Expecting: CERTIFICATE > > 10941:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown > > pbe algorithm:evp_pbe.c:89:TYPE=pbeWithMD5AndDES-CBC > > 10941:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor > > cipherinit error:p12_decr.c:83: > > 10941:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt > > error:p12_decr.c:122: > > 10941:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:122: > > 10941:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > > lib:ssl_rsa.c:709: > > Are you surte that your certificate-files are PEM encoded ? > So have a look at it - it should be a text-file starting with > \\\"-----BEGIN CERTIFICATE-----\\\" > > If so, try to open it with OpenSSL to verify that it is not corrupted > openssl x509 -in cert.pem -text > > If the file is not in PEM Form, you can convert it using: > openssl x509 -in cert.pem -inform der -out newcert.pem > > Oliver
Hi Oliver, yes i am sure, i used the \\\"Certificate and Keypair\\\" Field in my RA-Webinterface to Download the file as PKCS#8 File. So i get a screen with --Begin Certificat and --Begin Encrypted PrivatKey and so on. But when i look at the files from CA.all script, there are much more infos in the working certs like human readable \\\"subject\\\" and \\\"issuer\\\" and an value \\\"Bag Attributes localKeyID...\\\" > > -- > Diese Nachricht wurde digital unterschrieben > oliwel\\\'s public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > www.mails.at - Der kostenlose E-Mail Anbieter ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
