/usr/sbin/radiusd -C failed

[Changqing Li]

Hi,

Thanks to Alan and arjun's kind help. Now I found the reason,

I am doing cross-compile,  my openssl on target disable des, so missing 
pkcs12.

while the server.pem is generated on host with pkcs12.

On 12/26/19 1:03 AM, arjun sharma wrote:
> Hi ,
>
> It's not like that other tools are used openssl is the most enriched and
> hardly miss any available cipher suite.
>
> The issue with your configuration is clear from the confirmation itself
>            private_key_file = "/etc/raddb/certs/server.pem"
>           certificate_file = "/etc/raddb/certs/server.pem"
>
> You have used server.pem as certificate as well as private key . It seems
> to be certificate file so doesn't contain private key this is the reason of
> non readability of private key
>
> On Wed, Dec 25, 2019, 8:18 PM Alan DeKok <aland at deployingradius.com> wrote:
>
>> On Dec 25, 2019, at 4:38 AM, Changqing Li <changqing.li at windriver.com>
>> wrote:
>>> I met below error when run "/usr/sbin/radiusd -C -X",  Could someone
>> experts at this help to
>>> give me some hint what configuration maybe wrong? Thanks
>>    The message isn't perfect, but it's clear:
>>
>>> tls: Failed reading private key file "/etc/raddb/certs/server.pem"
>>> tls: error:0607606B:digital envelope
>> routines:PKCS5_v2_PBE_keyivgen:unsupported cipher
>>
>>    The private key in the "server.pem" file is encrypted with an
>> unsupported cipher.
>>
>>    OpenSSL supports many ciphers, but not every possible one.
>>
>>    Where did you get this key from?  What tools created it?  It's clearly
>> not created by the tools that come with FreeRADIUS.
>>
>>    Use the built-in tools.  They work.
>>
>>    Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html