<table cellspacing='0' cellpadding='0' border='0' ><tr><td valign='top' style='font: inherit;'>Hi Ivan,<br>
<br>
I still can't get the certificate to work. <br>
I'd changed the Issuer and subject but the outcome still the same.<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">ca.cnf</span><br>
default_ca = CA_default<br>
<br>
[ CA_default ]<br>
dir = ./<br>
certs = $dir<br>
crl_dir = $dir/crl<br>
database = $dir/index.txt<br>
new_certs_dir = $dir<br>
certificate = $dir/ca.pem<br>
serial = $dir/serial<br>
crl
= $dir/crl.pem<br>
private_key = $dir/ca.key<br>
RANDFILE = $dir/.rand<br>
name_opt = ca_default<br>
cert_opt = ca_default<br>
default_days = 1095<br>
default_crl_days = 730<br>
default_md = md5<br>
preserve = no<br>
policy = policy_match<br>
<br>[ policy_match ]<br>
countryName = match<br>
stateOrProvinceName = match<br>
organizationName = match<br>
organizationalUnitName = optional<br>
commonName = supplied<br>
emailAddress = optional<br>
<br>
[ policy_anything ]<br>
countryName = optional<br>
stateOrProvinceName = optional<br>
localityName = optional<br>
organizationName = optional<br>
organizationalUnitName = optional<br>
commonName = supplied<br>
emailAddress = optional<br>
<br>
[ req ]<br>
prompt = no<br>
distinguished_name = certificate_authority<br>
default_bits = 2048<br>
input_password = 000<br>
output_password = 000<br>
x509_extensions = v3_ca<br>
<br>
[certificate_authority]<br>
countryName = FR<br>
stateOrProvinceName = Radius<br>
localityName = Somewhere<br>
organizationName = Example Inc.<br>
emailAddress = admin@example.com<br>
commonName = MarsNet_CA<br>
<br>
[v3_ca]<br>
subjectKeyIdentifier = hash<br>
authorityKeyIdentifier = keyid:always,issuer:always<br>
basicConstraints = CA:true<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">client.cnf</span><br>
[ ca ]<br>
default_ca = CA_default<br>
<br>
[ CA_default ]<br>
dir = ./<br>
certs = $dir<br>
crl_dir = $dir/crl<br>
database = $dir/index.txt<br>
new_certs_dir = $dir<br>
certificate = $dir/server.pem<br>
serial = $dir/serial<br>
crl
= $dir/crl.pem<br>
private_key = $dir/server.key<br>
RANDFILE = $dir/.rand<br>
name_opt = ca_default<br>
cert_opt = ca_default<br>
default_days = 1095<br>
default_crl_days = 730<br>
default_md = md5<br>
preserve = no<br>
policy = policy_match<br>
<br>
[ policy_match ]<br>
countryName = match<br>
stateOrProvinceName = match<br>
organizationName = match<br>
organizationalUnitName = optional<br>
commonName = supplied<br>
emailAddress = optional<br>
<br>
[ policy_anything ]<br>
countryName = optional<br>
stateOrProvinceName = optional<br>
localityName = optional<br>
organizationName = optional<br>
organizationalUnitName = optional<br>
commonName = supplied<br>
emailAddress = optional<br>
<br>
[ req ]<br>
prompt = no<br>
distinguished_name = client<br>
default_bits = 2048<br>
input_password = 000<br>
output_password = 000<br>
<br>
[client]<br>
countryName = FR<br>
stateOrProvinceName = Radius<br>
localityName = Somewhere<br>
organizationName = Example Inc.<br>
emailAddress = user@example.com<br>
commonName = MarsNet_CA<br>
<br>
<span style="font-weight: bold; text-decoration: underline;">server.cnf</span><br>
[ ca ]<br>
default_ca = CA_default<br>
<br>
[ CA_default ]<br>
dir = ./<br>
certs = $dir<br>
crl_dir = $dir/crl<br>
database = $dir/index.txt<br>
new_certs_dir = $dir<br>
certificate = $dir/server.pem<br>
serial = $dir/serial<br>
crl
= $dir/crl.pem<br>
private_key = $dir/server.key<br>
RANDFILE = $dir/.rand<br>
name_opt = ca_default<br>
cert_opt = ca_default<br>
default_days = 1095<br>
default_crl_days = 730<br>
default_md = md5<br>
preserve = no<br>
policy = policy_match<br>
<br>
[ policy_match ]<br>
countryName = match<br>
stateOrProvinceName = match<br>
organizationName = match<br>
organizationalUnitName = optional<br>
commonName = supplied<br>
emailAddress = optional<br>
<br>
[ policy_anything ]<br>
countryName = optional<br>
stateOrProvinceName = optional<br>
localityName = optional<br>
organizationName = optional<br>
organizationalUnitName = optional<br>
commonName = supplied<br>
emailAddress = optional<br>
<br>
[ req ]<br>
prompt = no<br>
distinguished_name = server<br>
default_bits = 2048<br>
input_password = Mars123<br>
output_password = Mars123<br>
<br>
[server]<br>
countryName = FR<br>
stateOrProvinceName = Radius<br>
localityName = Somewhere<br>
organizationName = Example Inc.<br>
emailAddress = admin@example.com<br>
commonName = MarsNet_CA<br>
<br>
Where should I change?<br>
<br>--- On <b>Wed, 6/11/08, Ivan Kalik <i><tnt@kalik.net></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">From: Ivan Kalik <tnt@kalik.net><br>Subject: Re: Certificate Error!<br>To: freeradius-users@lists.freeradius.org<br>Date: Wednesday, June 11, 2008, 11:42 PM<br><br><pre>Issuer: ..., MarNet<br>Subject: ..., MarsNet<br><br>Check certificate details. It seems that there are some typing errors<br>there.<br><br>Ivan Kalik<br>Kalik Informatika ISP<br><br><br>Dana 11/6/2008, "Kwok Sianbin" <sianbin_kwok@yahoo.com> piše:<br><br>>Hi Ivan,<br>><br>><br>><br>>The date shows in Client Cert as word format and dates are correct.<br>><br>>Here I attach Cert details tab.<br>><br>>Root certificate is fine.. both client and root certificates were generated<br>at the same time.<br>><br>>Afterward I tried to connect but connection
failed.<br>><br>><br>><br>><br>><br>><br>><br>><br>><br>>--- On Tue, 6/10/08, Ivan Kalik <tnt@kalik.net> wrote:<br>>From: Ivan Kalik <tnt@kalik.net><br>>Subject: Re: Certificate Error!<br>>To: "FreeRadius users mailing list"<br><freeradius-users@lists.freeradius.org><br>>Date: Tuesday, June 10, 2008, 4:59 PM<br>><br>>What is the system date format on that XP: day/month/year or<br>>month/day/year? Click on the certificate details tab. Are dates printed<br>>as words or numbers?<br>><br>>Ivan Kalik<br>>Kalik Informatika ISP<br>><br>><br>>Dana 10/6/2008, "Kwok Sianbin" <sianbin_kwok@yahoo.com><br>piše:<br>><br>>>Hi Ivan,<br>>>The dates are ok (up-to-date).<br>>>Here I attach the certificate<br>>><br>>><br>>><br>>>----- Original Message ----<br>>>From: Ivan Kalik <tnt@kalik.net><br>>>To:
freeradius-users@lists.freeradius.org<br>>>Sent: Tuesday, June 10, 2008 12:00:33 AM<br>>>Subject: Re: Certificate Error!<br>>><br>>>>and then copy ca.der, client.p12 then I install the certificate<br>into<br>>Windows XP.<br>>>><br>>>>When click the client certificate and it shows<br>>>><br>>>>"Windows doesn't have enough information to verify this<br>>certificate"<br>>>><br>>>>Server cert in Trusted Root Cert<br>>>><br>>>>"This certificate has expired or is not yet valid.<br>>>><br>>><br>>>And below there is a line Valid from ... to ... - what are the dates?<br>>><br>>>Ivan Kalik<br>>>Kalik Informatika ISP<br>>><br>>>-<br>>>List info/subscribe/unsubscribe?
See<br>>http://www.freeradius.org/list/users.html<br>>><br>>><br>>><br>>><br>>><br>><br>>-<br>>List info/subscribe/unsubscribe? See<br>http://www.freeradius.org/list/users.html<br>><br>><br>><br>><br><br>-<br>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html</pre></blockquote></td></tr></table><br>