Decoupled accounting

Devinder Singh devinbhullar at gmail.com
Fri Jul 31 11:49:46 CEST 2009


Hi Ivan
This is how generetd the certs and radiusd -X gives error


linux-7v1x:/etc/raddb/certs # ./CA.root myettelap
Generating a 1024 bit RSA private key
..++++++
.................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root    client.cnf  der       p12   pem     server.cnf
CA.cient   ca.cnf     CA.server  demoCA      Makefile  pass  README
xpextensions
linux-7v1x:/etc/raddb/certs # cd pass
linux-7v1x:/etc/raddb/certs/pass # ls
root.pass
linux-7v1x:/etc/raddb/certs/pass # vi root.pass
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass # cd .
linux-7v1x:/etc/raddb/certs/pass # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root    client.cnf  der       p12   pem
server.cnf
CA.cient   ca.cnf     CA.server  demoCA      Makefile  pass  README
xpextensions
linux-7v1x:/etc/raddb/certs # cd pem
linux-7v1x:/etc/raddb/certs/pem # ls
root.pem
linux-7v1x:/etc/raddb/certs/pem # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root    client.cnf  der       p12   pem     server.cnf
CA.cient   ca.cnf     CA.server  demoCA      Makefile  pass  README
xpextensions
linux-7v1x:/etc/raddb/certs # cd
/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA/
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA #
ls
cacert.pem  index.txt  index.txt.old  serial  serial.old
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA #
cp serial /etc/raddb/certs/demoCA/
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA #
cd /etc/raddb/certs/
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root    client.cnf  der       p12   pem
server.cnf
CA.cient   ca.cnf     CA.server  demoCA      Makefile  pass  README
xpextensions
linux-7v1x:/etc/raddb/certs # ./CA.server linux-7v1x devin myettelap
Generating a 1024 bit RSA private key
.............................................++++++
................................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:linux-7v1x
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:Pal
Using configuration from /etc/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 3 (0x3)
        Validity
            Not Before: Jul 31 09:28:11 2009 GMT
            Not After : Jul 31 09:28:11 2010 GMT
        Subject:
            countryName               = AU
            stateOrProvinceName       = Some-State
            organizationName          = Internet Widgits Pty Ltd
            commonName                = linux-7v1x
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
Certificate is to be certified until Jul 31 09:28:11 2010 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root    client.cnf  der       p12   pem     server.cnf
CA.cient   ca.cnf     CA.server  demoCA      Makefile  pass  README
xpextensions
linux-7v1x:/etc/raddb/certs # cd pass
linux-7v1x:/etc/raddb/certs/pass # ls
root.pass
linux-7v1x:/etc/raddb/certs/pass # cd ..
linux-7v1x:/etc/raddb/certs # cd der
linux-7v1x:/etc/raddb/certs/der # ls
linux-7v1x.der  root.der
linux-7v1x:/etc/raddb/certs/der # cd .
linux-7v1x:/etc/raddb/certs/der # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root    client.cnf  der       p12   pem     server.cnf
CA.cient   ca.cnf     CA.server  demoCA      Makefile  pass  README
xpextensions
linux-7v1x:/etc/raddb/certs # ./CA.client palette-giau6pb devin myettelap
Generating a 1024 bit RSA private key
.......++++++
.......................................................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:palette-giau6pb
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:
Using configuration from /etc/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 4 (0x4)
        Validity
            Not Before: Jul 31 09:31:56 2009 GMT
            Not After : Jul 31 09:31:56 2010 GMT
        Subject:
            countryName               = AU
            stateOrProvinceName       = Some-State
            organizationName          = Internet Widgits Pty Ltd
            commonName                = palette-giau6pb
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
Certificate is to be certified until Jul 31 09:31:56 2010 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls



Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = "/etc/wireless-auth/linux-7v1x.pem"
        certificate_file = "/etc/wireless-auth/linux-7v1x.pem"
        CA_file = "/etc/wireless-auth/root.pem"
        private_key_password = "myettelap"
        dh_file = "/etc/wireless-auth/DH"
        random_file = "/etc/wireless-auth/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
   }
rlm_eap: SSL error error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[280]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
 }
Errors initializing modules









2009/7/31 Devinder Singh <devinbhullar at gmail.com>:
> Hi Ivan
>
> Ned you help here
> Module: Linked to sub-module rlm_eap_tls
>  Module: Instantiating eap-tls
>   tls {
>        rsa_key_exchange = no
>        dh_key_exchange = yes
>        rsa_key_length = 512
>        dh_key_length = 512
>        verify_depth = 0
>        pem_file_type = yes
>        private_key_file = "/etc/wireless-auth/linux-7v1x.pem"
>        certificate_file = "/etc/wireless-auth/linux-7v1x.pem"
>        CA_file = "/etc/wireless-auth/root.pem"
>        private_key_password = "myettelap"
>        dh_file = "/etc/wireless-auth/DH"
>        random_file = "/etc/wireless-auth/random"
>        fragment_size = 1024
>        include_length = yes
>        check_crl = no
>   }
> rlm_eap: SSL error error:06065064:digital envelope
> routines:EVP_DecryptFinal_ex:bad decrypt
> rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
> rlm_eap: Failed to initialize type tls
> /etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
> /etc/raddb/sites-enabled/default[280]: Failed to find module "eap".
> /etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
>  }
> Errors initializing modules
>



-- 
Devinder




More information about the Freeradius-Users mailing list