<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">ok, i already tried to fix the script but didn't tried your hint.<div><br class="webkit-block-placeholder"></div><div>i've put some extra "echo 00 > serial" into CA.certs, because the file was delete during running the script. </div><div><br class="webkit-block-placeholder"></div><div>everthing is fine now :-)</div><div><br class="webkit-block-placeholder"></div><div>thanks!</div><div><br><div><div>Am 15.12.2007 um 22:55 schrieb ikpirhu last:</div><br class="Apple-interchange-newline"><blockquote type="cite">you have to look at certs.sh and modify the paths in that file.<br>aswell the openssl.cnf file.<br>its a kindda workaround but i dont have a better way.<br><br>or you can <br>echo 00 > serial<br><br><div><span class="gmail_quote"> On 15/12/2007, <b class="gmail_sendername">Julian Stöver</b> <<a href="mailto:julian_st@gmx.de">julian_st@gmx.de</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Hi!<br>I'm using Freeradius 1.1.3 under Debian Etch! I want to configure<br>Freeradius with EAP-TLS in my network but there some problems with the<br>certficate creation.<br><br>I get this message when i run the file " certs.sh" in the "docs/<br>freeradius/examples/" directory:<br><br><br>> ##################<br>> create private key<br>> name : name-root<br>> CA.pl -newcert<br>> ##################<br>><br>> Generating a 1024 bit RSA private key<br>> .............++++++<br>> ....................................++++++<br>> writing new private key to ' newreq.pem'<br>> -----<br>> You are about to be asked to enter information that will be<br>> incorporated<br>> into your certificate request.<br>> What you are about to enter is what is called a Distinguished Name <br>> or a DN.<br>> There are quite a few fields but you can leave some blank<br>> For some fields there will be a default value,<br>> If you enter '.', the field will be left blank.<br>> -----<br>> Country Name (2 letter code) [AU]:State or Province Name (full name) <br>> [Some-State]:Locality Name (eg, city) []:Organization Name (eg,<br>> company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,<br>> section) []:Common Name (eg, YOUR name) []:Email Address []:<br>> ################## <br>> create CA<br>> use just created 'newreq.pem' private key as filename<br>> CA.pl -newca<br>> ##################<br>><br>> CA certificate filename (or enter to create) <br>><br>> ##################<br>> exporting ROOT CA<br>> CA.pl -newreq<br>> CA.pl -signreq<br>> openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -<br>> out root.pem<br>> openssl pkcs12 -in root.cer -out root.pem<br>> ##################<br>><br>> MAC verified OK<br>><br>> ##################<br> > creating client certificate<br>> name : name-clt<br>> client certificate stored as cert-clt.pem<br>> CA.pl -newreq<br>> CA.pl -signreq <br>> ##################<br>><br>> Generating a 1024 bit RSA private key<br>> ......................++++++<br>> .++++++<br>> writing new private key to 'newreq.pem'<br>> -----<br> > You are about to be asked to enter information that will be<br>> incorporated<br>> into your certificate request.<br>> What you are about to enter is what is called a Distinguished Name<br>> or a DN.<br>> There are quite a few fields but you can leave some blank <br>> For some fields there will be a default value,<br>> If you enter '.', the field will be left blank.<br>> -----<br>> Country Name (2 letter code) [AU]:State or Province Name (full name)<br>> [Some-State]:Locality Name (eg, city) []:Organization Name (eg, <br>> company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,<br>> section) []:Common Name (eg, YOUR name) []:Email Address []:<br>> Please enter the following 'extra' attributes<br>> to be sent with your certificate request <br>>> A challenge password []:An optional company name []:Using<br>>> configuration from /usr/lib/ssl/openssl.cnf<br>>> ./demoCA/serial: No such file or directory<br>>> error while loading serial number <br>> 11733:error:02001002:system library:fopen:No such file or<br>> directory:bss_file.c:352:fopen('./demoCA/serial','r')<br>> 11733:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354: <br>> Failed to do sign certificate<br><br>I think the 6 last lines are important and i search for a "serial"<br>file, but i doesn't exist. Are there other users with this problem?<br>How can i solve this problem? <br><br>Mfg<br>Julian<br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br> -<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></blockquote></div><br></div></body></html>