Make the server certificate from Thawte

Alexey Shildyakov ashl1future at
Wed Jul 6 22:57:24 CEST 2011

I want to use the certificate from Thawte. First of all I tried to use
free SSL certificate from Thawte. I received 3 certificates in
PEM-format: my Thawte trial SSL certificate, Thawte Trial Secure
Server Intermediate CA and Thawte Test CA Root certificate in format:
text here

I made .pem files from them with no new line in end of file. The eap.conf is:
private_key_password = (is empty because no password in certificates)
private_key_file = ${certdir}/trialThawte.pem
certificate_file = ${certdir}/trialThawteCA.pem

radiusd -X
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file /etc/raddb/certs/trialThawte.pem
rlm_eap: Failed to initialize type tls

Tried to make .pem by following commands (use server.key, server.csr
were inputted to make Thawte certificate; server.crt is received
Thawte certificate):
openssl pkcs12 -export -in server.crt -inkey server.key -out
server.p12  -passin pass:1234 -passout pass:1234
unable to load private key
139734217189032:error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:467:
139734217189032:error:0906A065:PEM routines:PEM_do_header:bad
openssl pkcs12 -in server.crt -out server.pem -passin pass:12345
-passout pass:12345
140259536533160:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140259536533160:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS12

I confused that:
1. no passwords in received Thawte certificates
2. Root CA and Web Server CA
3. different pem format is used in RADIUS and is received from Thawte

What algorithm should be used to make valid to FreeRADIUS pem
certificate files from these Thawte certificates?

FreeRADIUS Version 2.1.7, for host x86_64-pc-linux-gnu

Best Regards, Shildyakov Alexey Vladimirovich

More information about the Freeradius-Users mailing list