EAP-TLS: Certificate creation doesn't work (Debian)

Julian Stöver julian_st at gmx.de
Sun Dec 16 00:21:17 CET 2007


OK, I already tried to fix the script but didn't try your hint.

I've put some extra "echo 00 > serial" into CA.certs, because the file
was deleted while running the script.

Everything is fine now :-)

Thanks!

On 15.12.2007 at 22:55, ikpirhu last wrote:

> You have to look at certs.sh and modify the paths in that file,
> as well as the openssl.cnf file.
> It's kind of a workaround but I don't have a better way.
>
> or you can
> echo 00 > serial
>
> On 15/12/2007, Julian Stöver <julian_st at gmx.de> wrote:
> Hi!
> I'm using Freeradius 1.1.3 under Debian Etch! I want to configure
> Freeradius with EAP-TLS in my network but there are some problems with the
> certificate creation.
>
> I get this message when I run the file "certs.sh" in the
> "docs/freeradius/examples/" directory:
>
>
> >               ##################
> >               create private key
> >               name : name-root
> >               CA.pl -newcert
> >               ##################
> >
> > Generating a 1024 bit RSA private key
> > .............++++++
> > ....................................++++++
> > writing new private key to ' newreq.pem'
> > -----
> > You are about to be asked to enter information that will be
> > incorporated
> > into your certificate request.
> > What you are about to enter is what is called a Distinguished Name
> > or a DN.
> > There are quite a few fields but you can leave some blank
> > For some fields there will be a default value,
> > If you enter '.', the field will be left blank.
> > -----
> > Country Name (2 letter code) [AU]:State or Province Name (full name)
> > [Some-State]:Locality Name (eg, city) []:Organization Name (eg,
> > company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,
> > section) []:Common Name (eg, YOUR name) []:Email Address []:
> >               ##################
> >               create CA
> >               use just created 'newreq.pem' private key as filename
> >               CA.pl -newca
> >               ##################
> >
> > CA certificate filename (or enter to create)
> >
> >               ##################
> >               exporting ROOT CA
> >               CA.pl -newreq
> >               CA.pl -signreq
> >               openssl pkcs12 -export -in demoCA/cacert.pem -inkey  
> newreq.pem -
> > out root.pem
> >               openssl pkcs12 -in root.cer -out root.pem
> >               ##################
> >
> > MAC verified OK
> >
> >               ##################
> >               creating client certificate
> >               name : name-clt
> >               client certificate stored as cert-clt.pem
> >               CA.pl -newreq
> >               CA.pl -signreq
> >               ##################
> >
> > Generating a 1024 bit RSA private key
> > ......................++++++
> > .++++++
> > writing new private key to 'newreq.pem'
> > -----
> > You are about to be asked to enter information that will be
> > incorporated
> > into your certificate request.
> > What you are about to enter is what is called a Distinguished Name
> > or a DN.
> > There are quite a few fields but you can leave some blank
> > For some fields there will be a default value,
> > If you enter '.', the field will be left blank.
> > -----
> > Country Name (2 letter code) [AU]:State or Province Name (full name)
> > [Some-State]:Locality Name (eg, city) []:Organization Name (eg,
> > company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,
> > section) []:Common Name (eg, YOUR name) []:Email Address []:
> > Please enter the following 'extra' attributes
> > to be sent with your certificate request
> >> A challenge password []:An optional company name []:Using
> >> configuration from /usr/lib/ssl/openssl.cnf
> >> ./demoCA/serial: No such file or directory
> >> error while loading serial number
> > 11733:error:02001002:system library:fopen:No such file or
> > directory:bss_file.c:352:fopen('./demoCA/serial','r')
> > 11733:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c: 
> 354:
> > Failed to do sign certificate
>
> I think the last 6 lines are important and I searched for a "serial"
> file, but it doesn't exist. Are there other users with this problem?
> How can I solve this problem?
>
> Kind regards
> Julian
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

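The failure in the quoted output is `openssl ca` (run by `CA.pl -signreq`) not finding `./demoCA/serial`. As an added example, not part of this thread and not FreeRADIUS's own certs.sh, the shell function below prepares that file once, together with the `index.txt` and `newcerts` entries that the stock openssl.cnf also expects, which goes slightly beyond the single file discussed above. The function name, its return codes and the default serial `01` are assumptions.

```shell
#!/bin/sh
# Added example. Paths follow the stock [ CA_default ] section of openssl.cnf
# (dir = ./demoCA); adjust them if your openssl.cnf differs.

# ensure_ca_db DIR [INITIAL_SERIAL]  (hypothetical helper name)
# Creates DIR/newcerts, DIR/index.txt and DIR/serial only when missing.
# Returns 2 for a malformed serial, 3 if the next serial was already issued.
ensure_ca_db() {
    ca_dir=$1
    # The thread used 00; 01 is used here because RFC 5280 asks for
    # positive serial numbers.
    initial=${2:-01}

    # openssl reads the serial as an even number of hex digits.
    case $initial in
        ''|*[!0-9A-Fa-f]*) echo "bad serial: $initial" >&2; return 2 ;;
    esac
    if [ $(( ${#initial} % 2 )) -ne 0 ]; then
        echo "serial needs an even number of hex digits" >&2; return 2
    fi

    mkdir -p "$ca_dir/newcerts" || return 1
    [ -e "$ca_dir/index.txt" ] || : > "$ca_dir/index.txt" || return 1

    # Never overwrite an existing serial: resetting it mid-run makes the CA
    # hand out a number it has already used.
    if [ ! -s "$ca_dir/serial" ]; then
        echo "$initial" > "$ca_dir/serial" || return 1
    fi

    # index.txt is tab-separated; column 4 holds issued serials in upper-case hex.
    next=$(tr 'a-f' 'A-F' < "$ca_dir/serial" | tr -d '[:space:]')
    if awk -F '\t' -v s="$next" '($4 "") == s { hit = 1 } END { exit !hit }' \
        "$ca_dir/index.txt"; then
        echo "serial $next already appears in $ca_dir/index.txt" >&2
        return 3
    fi
    echo "$ca_dir ready, next serial $next"
}
```

Calling `ensure_ca_db ./demoCA` once before the signing step leaves an existing serial untouched, so certificates issued earlier keep unique serial numbers.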