you have to look at certs.sh and modify the paths in that file.<br>aswell the openssl.cnf file.<br>its a kindda workaround but i dont have a better way.<br><br>or you can <br>echo 00 > serial<br><br><div><span class="gmail_quote">
On 15/12/2007, <b class="gmail_sendername">Julian Stöver</b> <<a href="mailto:julian_st@gmx.de">julian_st@gmx.de</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi!<br>I'm using Freeradius 1.1.3 under Debian Etch! I want to configure<br>Freeradius with EAP-TLS in my network but there some problems with the<br>certficate creation.<br><br>I get this message when i run the file "
certs.sh" in the "docs/<br>freeradius/examples/" directory:<br><br><br>> ##################<br>> create private key<br>> name : name-root<br>>
CA.pl -newcert<br>> ##################<br>><br>> Generating a 1024 bit RSA private key<br>> .............++++++<br>> ....................................++++++<br>> writing new private key to '
newreq.pem'<br>> -----<br>> You are about to be asked to enter information that will be<br>> incorporated<br>> into your certificate request.<br>> What you are about to enter is what is called a Distinguished Name
<br>> or a DN.<br>> There are quite a few fields but you can leave some blank<br>> For some fields there will be a default value,<br>> If you enter '.', the field will be left blank.<br>> -----<br>> Country Name (2 letter code) [AU]:State or Province Name (full name)
<br>> [Some-State]:Locality Name (eg, city) []:Organization Name (eg,<br>> company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,<br>> section) []:Common Name (eg, YOUR name) []:Email Address []:<br>> ##################
<br>> create CA<br>> use just created 'newreq.pem' private key as filename<br>> CA.pl -newca<br>> ##################<br>><br>> CA certificate filename (or enter to create)
<br>><br>> ##################<br>> exporting ROOT CA<br>> CA.pl -newreq<br>> CA.pl -signreq<br>> openssl pkcs12 -export -in demoCA/cacert.pem -inkey
newreq.pem -<br>> out root.pem<br>> openssl pkcs12 -in root.cer -out root.pem<br>> ##################<br>><br>> MAC verified OK<br>><br>> ##################<br>
> creating client certificate<br>> name : name-clt<br>> client certificate stored as cert-clt.pem<br>> CA.pl -newreq<br>> CA.pl -signreq
<br>> ##################<br>><br>> Generating a 1024 bit RSA private key<br>> ......................++++++<br>> .++++++<br>> writing new private key to 'newreq.pem'<br>> -----<br>
> You are about to be asked to enter information that will be<br>> incorporated<br>> into your certificate request.<br>> What you are about to enter is what is called a Distinguished Name<br>> or a DN.<br>> There are quite a few fields but you can leave some blank
<br>> For some fields there will be a default value,<br>> If you enter '.', the field will be left blank.<br>> -----<br>> Country Name (2 letter code) [AU]:State or Province Name (full name)<br>> [Some-State]:Locality Name (eg, city) []:Organization Name (eg,
<br>> company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,<br>> section) []:Common Name (eg, YOUR name) []:Email Address []:<br>> Please enter the following 'extra' attributes<br>> to be sent with your certificate request
<br>>> A challenge password []:An optional company name []:Using<br>>> configuration from /usr/lib/ssl/openssl.cnf<br>>> ./demoCA/serial: No such file or directory<br>>> error while loading serial number
<br>> 11733:error:02001002:system library:fopen:No such file or<br>> directory:bss_file.c:352:fopen('./demoCA/serial','r')<br>> 11733:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
<br>> Failed to do sign certificate<br><br>I think the 6 last lines are important and i search for a "serial"<br>file, but i doesn't exist. Are there other users with this problem?<br>How can i solve this problem?
<br><br>Mfg<br>Julian<br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>