Re: Certificate Error!



Hi Ivan,

I still can't get the certificate to work.
I've changed the Issuer and Subject, but the outcome is still the same.

ca.cnf
default_ca              = CA_default

[ CA_default ]
dir                     = ./
certs                   = $dir
crl_dir                 = $dir/crl
database                = $dir/index.txt
new_certs_dir           = $dir
certificate             = $dir/ca.pem
serial                  = $dir/serial
crl                     = $dir/crl.pem
private_key             = $dir/ca.key
RANDFILE                = $dir/.rand
name_opt                = ca_default
cert_opt                = ca_default
default_days            = 1095
default_crl_days        = 730
default_md              = md5
preserve                = no
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
prompt                  = no
distinguished_name      = certificate_authority
default_bits            = 2048
input_password          = 000
output_password         = 000
x509_extensions         = v3_ca

[certificate_authority]
countryName             = FR
stateOrProvinceName     = Radius
localityName            = Somewhere
organizationName        = Example Inc.
emailAddress            = admin@example.com
commonName              = MarsNet_CA

[v3_ca]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer:always
basicConstraints        = CA:true

client.cnf
[ ca ]
default_ca              = CA_default

[ CA_default ]
dir                     = ./
certs                   = $dir
crl_dir                 = $dir/crl
database                = $dir/index.txt
new_certs_dir           = $dir
certificate             = $dir/server.pem
serial                  = $dir/serial
crl                     = $dir/crl.pem
private_key             = $dir/server.key
RANDFILE                = $dir/.rand
name_opt                = ca_default
cert_opt                = ca_default
default_days            = 1095
default_crl_days        = 730
default_md              = md5
preserve                = no
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
prompt                  = no
distinguished_name      = client
default_bits            = 2048
input_password          = 000
output_password         = 000

[client]
countryName             = FR
stateOrProvinceName     = Radius
localityName            = Somewhere
organizationName        = Example Inc.
emailAddress            = user@example.com
commonName              = MarsNet_CA

server.cnf
[ ca ]
default_ca              = CA_default

[ CA_default ]
dir                     = ./
certs                   = $dir
crl_dir                 = $dir/crl
database                = $dir/index.txt
new_certs_dir           = $dir
certificate             = $dir/server.pem
serial                  = $dir/serial
crl                     = $dir/crl.pem
private_key             = $dir/server.key
RANDFILE                = $dir/.rand
name_opt                = ca_default
cert_opt                = ca_default
default_days            = 1095
default_crl_days        = 730
default_md              = md5
preserve                = no
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
prompt                  = no
distinguished_name      = server
default_bits            = 2048
input_password          = Mars123
output_password         = Mars123

[server]
countryName             = FR
stateOrProvinceName     = Radius
localityName            = Somewhere
organizationName        = Example Inc.
emailAddress            = admin@example.com
commonName              = MarsNet_CA

Where should I change it?

--- On Wed, 6/11/08, Ivan Kalik <tnt@kalik.net> wrote:
From: Ivan Kalik <tnt@kalik.net>
Subject: Re: Certificate Error!
To: freeradius-users@lists.freeradius.org
Date: Wednesday, June 11, 2008, 11:42 PM

Issuer: ..., MarNet
Subject: ..., MarsNet

Check certificate details. It seems that there are some typing errors
there.

Ivan Kalik
Kalik Informatika ISP


On 11/6/2008, "Kwok Sianbin" <sianbin_kwok@yahoo.com> wrote:

>Hi Ivan,
>
>The dates in the Client Cert are shown in word format, and the dates are correct.
>
>Here I attach the Cert details tab.
>
>Root certificate is fine; both client and root certificates were generated at the same time.
>
>Afterward I tried to connect but the connection failed.
>
>--- On Tue, 6/10/08, Ivan Kalik <tnt@kalik.net> wrote:
>From: Ivan Kalik <tnt@kalik.net>
>Subject: Re: Certificate Error!
>To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
>Date: Tuesday, June 10, 2008, 4:59 PM
>
>What is the system date format on that XP: day/month/year or
>month/day/year? Click on the certificate details tab. Are dates printed
>as words or numbers?
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 10/6/2008, "Kwok Sianbin" <sianbin_kwok@yahoo.com> wrote:
>
>>Hi Ivan,
>>The dates are ok (up-to-date).
>>Here I attach the certificate
>>
>>
>>
>>----- Original Message ----
>>From: Ivan Kalik <tnt@kalik.net>
>>To: freeradius-users@lists.freeradius.org
>>Sent: Tuesday, June 10, 2008 12:00:33 AM
>>Subject: Re: Certificate Error!
>>
>>>and then copy ca.der, client.p12 then I install the certificate into Windows XP.
>>>
>>>When click the client certificate and it shows
>>>
>>>"Windows doesn't have enough information to verify this certificate"
>>>
>>>Server cert in Trusted Root Cert
>>>
>>>"This certificate has expired or is not yet valid."
>>>
>>
>>And below there is a line Valid from ... to ... - what are the dates?
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
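
The Issuer/Subject comparison suggested in the thread can also be run on the request configs before any certificate is generated. The following is an added example, not part of the original thread or of the FreeRADIUS scripts: it rebuilds the DN sections from the three posted .cnf files (the helper names `subject_dn`, `audit` and `audit_all` are hypothetical) and reports where a leaf subject conflicts with the CA subject or with the fields the posted `policy_match` section requires to match.

```python
# Added example: DN excerpts rebuilt from the posted ca.cnf, server.cnf, client.cnf.
TEMPLATE = """[ req ]
distinguished_name = {sect}
[{sect}]
countryName = FR
stateOrProvinceName = Radius
localityName = Somewhere
organizationName = Example Inc.
emailAddress = {email}
commonName = MarsNet_CA
"""
CNF = {
    "ca.cnf": TEMPLATE.format(sect="certificate_authority", email="admin@example.com"),
    "server.cnf": TEMPLATE.format(sect="server", email="admin@example.com"),
    "client.cnf": TEMPLATE.format(sect="client", email="user@example.com"),
}
# Fields marked "match" in the posted [ policy_match ] section.
MATCH_FIELDS = ("countryName", "stateOrProvinceName", "organizationName")

def subject_dn(cnf_text):
    """Return the (field, value) pairs of the section [req] distinguished_name points to."""
    sections, current = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections[current] = []
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key, value))
    return tuple(sections[dict(sections["req"])["distinguished_name"]])

def audit(ca_dn, leaf_dn):
    """List the ways a leaf subject DN conflicts with the CA subject DN."""
    ca, leaf = dict(ca_dn), dict(leaf_dn)
    problems = [f"{f}: {leaf.get(f)!r} does not match CA {ca.get(f)!r}"
                for f in MATCH_FIELDS if leaf.get(f) != ca.get(f)]
    if leaf_dn == ca_dn:
        problems.append("subject DN identical to CA subject: issuer == subject, looks self-issued")
    elif leaf.get("commonName") == ca.get("commonName"):
        problems.append("commonName reused from the CA")
    return problems

def audit_all(cnf=CNF):
    """Audit every non-CA config against the CA subject."""
    ca_dn = subject_dn(cnf["ca.cnf"])
    return {n: audit(ca_dn, subject_dn(t)) for n, t in cnf.items() if n != "ca.cnf"}

if __name__ == "__main__":
    for name, problems in audit_all().items():
        print(name, problems or "ok")
```

On the certificates themselves, the same two fields can be read with `openssl x509 -in client.pem -noout -issuer -subject` and compared against the subject of ca.pem.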


