
<div>Hi,</div>  <div> </div>  <div>Openssl support .der format. But I convert the .pem format certificates to .der format.  They do not realy work. The pem certificates is OK.</div>  <div>Does anyone use .der format certificates?  Please help me. Thanks.</div>  <div> </div>  <div> </div>  <div>debug 1:</div>  <div>pem_file_type = no<BR> tls: private_key_file = "/usr/local/etc/raddb/certs/server_keycert.der"<BR> tls: certificate_file = "/usr/local/etc/raddb/certs/server_keycert.der"<BR> tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.der"<BR> tls: private_key_password = "whatever"<BR> tls: dh_file = "/usr/local/etc/raddb/certs/dh"<BR> tls: random_file = "/usr/local/etc/raddb/certs/random"<BR> tls: fragment_size = 1024<BR> tls: include_length = yes<BR> tls: check_crl = no<BR> tls: check_cert_cn = "(null)"<BR> tls: cipher_list = "DEFAULT"<BR> tls: check_cert_issuer =

 "(null)"<BR>rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)<BR>rlm_eap_tls: Error reading Trusted root CA list<BR>rlm_eap: Failed to initialize type tls<BR>radiusd.conf[1]: eap: Module instantiation failed.<BR>radiusd.conf[575] Unknown module "eap".<BR>radiusd.conf[555] Failed to parse authenticate section.</div>  <div><BR> <BR> debug 2:<BR> tls: pem_file_type = no<BR> tls: private_key_file = "/usr/local/etc/raddb/certs/server_keycert.der"<BR> tls: certificate_file = "/usr/local/etc/raddb/certs/server_keycert.der"<BR> tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"<BR> tls: private_key_password = "whatever"<BR> tls: dh_file = "/usr/local/etc/raddb/certs/dh"<BR> tls: random_file = "/usr/local/etc/raddb/certs/random"<BR> tls: fragment_size = 1024<BR> tls: include_length = yes<BR> tls: check_crl = no<BR> tls: check_cert_cn = "(null)"<BR> tls: cipher_list = "DEFAULT"<BR> tls:

 check_cert_issuer = "(null)"<BR>rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line<BR>rlm_eap_tls: Error reading private key file<BR>rlm_eap: Failed to initialize type tls<BR>radiusd.conf[1]: eap: Module instantiation failed.<BR>radiusd.conf[575] Unknown module "eap".<BR>radiusd.conf[555] Failed to parse authenticate section.</div>  <div> </div>  <div> </div>  <div>John.</div>  <div><BR><BR><B><I>Alan DeKok <aland@deployingradius.com></I></B> 写道：</div>  <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">John wrote:<BR>> I am using freeradius 1.1.6. I want to know which certificate format can<BR>> be supported on EAP-TLS module? Does it support .pfx format?<BR><BR>FreeRADIUS uses OpenSSL for it's certificate functions. See the<BR>OpenSSL documentation for which certificate formats it supports.<BR><BR>Alan DeKok.<BR>-<BR>List info/subscribe/unsubscribe? See

 http://www.freeradius.org/list/users.html<BR></BLOCKQUOTE><BR><p> 


      <hr size=1><a href="http://cn.mail.yahoo.com/"> 雅虎邮箱，您的终生邮箱！</a>