certificate client.* non valid on windows XP
Reveal MAP
revealmapp at yahoo.fr
Sat Jul 12 17:10:55 CEST 2008
hi,
I use freeradius 2.0.5 and openSUSE 10.3
i ran "bootstrap" script + "make client.pem", "make.client.p12",
- I imported "ca.der" on my xp laptop, located at the CA Authorithy containeer.
I imported server.p12 too (just to verify the signature) and everything is Ok
- But when i import client.p12, windows says me this certificated is not valid! and i dont know why.
I executed two commands: server.vrfy and client.vrfy, hoping their output (below) could help.
Thank you for helping
-------------------------------------------------------------------------------------------------
linux:/etc/raddb/certs # make server.vrfy
openssl verify -CAfile ca.pem server.pem
server.pem: OK
make client.vrfy
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
MAC verified OK
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'`
openssl pkcs12 -in client.p12 -out client.pem -passin pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'`
MAC verified OK
cp client.pem `grep emailAddress client.cnf | grep '@' | sed 's/.*=//;s/^ *//'`.pem
c_rehash .
Doing .
02.pem => eee97f35.0
WARNING: Skipping duplicate certificate user at example.com.pem
client.pem => 583a9f4b.0
01.pem => dcd1729a.0
WARNING: Skipping duplicate certificate user2 at example.com.pem
server.pem => dcd1729a.1
WARNING: Skipping duplicate certificate 03.pem
WARNING: Skipping duplicate certificate 04.pem
ca.pem => 23537b55.0
openssl verify -CApath . client.pem
client.pem: OK
_____________________________________________________________________________
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080712/5f866d14/attachment.html>
More information about the Freeradius-Users
mailing list