Question on certs with FreeRadius/Openssl

john at jetcityorange.com john at jetcityorange.com
Sun Sep 11 16:12:34 CEST 2005


Hello,

I’m not sure if this is the right forum for this but I thought I’d ask to see if anyone has ideas or input.  Please forgive me if this isn’t the right forum.  

 

We have a Fedora Core 1 box running FreeRadius 1.0.4 and OpenSSL-0.9.7g.  We would like to set up EAP/TLS.  Everything runs fine, the root cert creates fine, so does the client cert but the server cert does not create.  I get the following error:

 

ERROR: adding extensions in section xpserver_ext
5212:error:2207C082:X509 V3 routines:DO_EXT_CONF:unknown extension name:v3_conf.c:123:
5212:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=extendedKeyUsager, value=1.3.6.1.5.5.7.3.1
No certificate matches private key
5214:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:
unable to load certificate
5215:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: TRUSTED CERTIFICATE

I have combed the FAQ, along with multiple sites and pulled down the EAPTLS-FreeRadius doc to no avail.  I’ve verified my openssl.cnf and CA files carefully.  The xpextensions file is located in the same directory as my openssl.cnf file.  My question is what have I missed?  Is there some FreeRadius or OpenSSL config that I’m missing?

 

Thanks very much,

John







More information about the Freeradius-Users mailing list