<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div>hi,<br><br>I use freeradius 2.0.5 and openSUSE 10.3<br><br>i ran "bootstrap" script + "make client.pem", "make.client.p12",<br>- I imported "ca.der" on my xp laptop, located at the CA Authorithy containeer.<br>I imported server.p12 too (just to verify the signature) and everything is Ok<br>- But when i import client.p12, windows says me this certificated is not valid! and i dont know why.<br><br>I executed two commands: server.vrfy and client.vrfy, hoping their output (below) could help.<br><br><br>Thank you for helping<br>-------------------------------------------------------------------------------------------------<br>linux:/etc/raddb/certs # <span style="font-weight: bold;">make server.vrfy</span><br>openssl verify -CAfile ca.pem server.pem<br>server.pem: OK<br><br><br><span
style="font-weight: bold;">make client.vrfy</span><br>openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`<br>openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`<br>MAC verified OK<br>openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'`<br>openssl pkcs12 -in client.p12 -out client.pem -passin pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'`<br>MAC verified OK<br>cp client.pem `grep emailAddress client.cnf
| grep '@' | sed 's/.*=//;s/^ *//'`.pem<br>c_rehash .<br>Doing .<br>02.pem => eee97f35.0<br>WARNING: Skipping duplicate certificate user@example.com.pem<br>client.pem => 583a9f4b.0<br>01.pem => dcd1729a.0<br>WARNING: Skipping duplicate certificate user2@example.com.pem<br>server.pem => dcd1729a.1<br>WARNING: Skipping duplicate certificate 03.pem<br>WARNING: Skipping duplicate certificate 04.pem<br>ca.pem => 23537b55.0<br>openssl verify -CApath . client.pem<br>client.pem: OK<br></div></div><br>
<hr size="1">
Envoyé avec <a href="http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html">Yahoo! Mail</a>.<br>Une boite mail plus intelligente. </a></body></html>