edit ur openssl.cnf to point to the correct ca certificate and its private
key..obviously the file is not the path that the cnf is looking at..
hi everybody, well finally get install openssl v0.9.8a, now when i try to
generate certificates to be used with freeradius (eap-tls or eap-peap) i use
these commands to CERTIFICATE AUTHORITY GENERATION:
#openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin
pass:clue1 -passout pass:clue1
#openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out
root.p12 -cacerts -passin pass:clue1 -passout pass:clue1
#openssl pkcs12 -in root.p12 -out root.pem -passin pass:clue1 -passout
pass:clue1
(i copied root.p12 from freeradius files)
#openssl x509 -inform PEM -outform DER -in root.pem -out root.der
#rm -rf newreq.pem
and these to SERVER CERTIFICATE GENERATION:
#openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:whatever
-passout pass:clue1
#openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever
-key whatever -extensions xpserver_ext -extfile xpextensions -infiles
newreq.pem
right here, when using this command i get this error:
Error opening CA private key ./demoCA/private/cakey.pem
4161:error:02001002:system library:fopen:No such file or
directory:bss_file.c:349:fopen ('./demoCA/private/cakey.pem' ,'r')
4161:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
unable to load CA private key
well i really don't understand what this mean but reviewed
./demoCA/private/cakey.pem and effectively it's there, so why openssl cann't
locate it?? why unable to load CA private key??
so, i tried this:
#openssl x509 -inform PEM -outform DER -in demoCA/cacert.pem -out
demoCA/cacert.der
but now get this:
4201:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
excuse if this question is so trivial but i really don't understand it.
could any body help and tell me what is happening?? thanks for your patience
and help.
greetings
_________________________________________________________________
Charla con tus amigos en lĂnea mediante MSN Messenger:
http://messenger.latam.msn.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
