openssl fails

pelusa vali pelusitavali at hotmail.com
Thu Dec 29 00:34:06 CET 2005


hi everybody, well finally get install openssl v0.9.8a, now when i try to 
generate certificates to be used with freeradius (eap-tls or eap-peap) i use 
these command to CERTIFICATE AUTHORITY GENERATION:

#openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin 
pass:clue1 -passout pass:clue1
#openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out 
root.p12 -cacerts -passin pass:clue1 -passout pass:clue1
#openssl pkcs12 -in root.p12 -out root.pem -passin pass:clue1 -passout 
pass:clue1

(i copied root.p12 from freeradius files)

#openssl x509 -inform PEM -outform DER -in root.pem -out root.der
#rm -rf newreq.pem

and these to SERVER CERTIFICATE GENERATION:

#openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:whatever 
-passout pass:clue1
#openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever 
-key whatever -extensions xpserver_ext -extfile xpextensions -infiles 
newreq.pem

right here, when using this command i get this error:

Error opening CA private key ./demoCA/private/cakey.pem
4161:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:349:fopen ('./demoCA/private/cakey.pem' ,'r')
4161:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
unable to load CA private key

well i really don't understand what this mean but reviewed 
./demoCA/private/cakey.pem and effectively it's there, so why openssl cann't 
locate it?? why unable to load CA private key??

so, i tried this:

#openssl x509 -inform PEM -outform DER -in demoCA/cacert.pem -out 
demoCA/cacert.der

but now get this:

4201:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE

excuse if this question is so trivial but i really don't understand it. 
could any body help and tell me what is happening?? thanks for your patience 
and help.

_________________________________________________________________
Las mejores tiendas, los precios mas bajos, entregas en todo el mundo, 
YupiMSN Compras: http://latam.msn.com/compras/




More information about the Freeradius-Users mailing list