<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Hi,<br><br>I am a newbie to Freeradius and I am having a real hard time to implement EAP-TLS using self-signed certificate.<br><br>My certificate seems valid:<br><br>Server Certificate<br>[root@localhost CA]# openssl verify -CAfile /etc/pki/CA/cacert.pem xplab.pem<br>xplab.pem: OK<br><br>Client certificate<br>[root@localhost CA]# openssl verify -CAfile /etc/pki/CA/cacert.pem bob.pem<br>bob.pem: OK<br><br>When I run <br><br>[root@localhost CA]# eapol_test -c /opt/EAP-RADIUS/eap-tls.conf -s testing123, I have the following results:<br><br>EAPOL: Successfully fetched key (len=32)<br>PMK from EAPOL - hexdump(len=32): cf cd 8c f0 17 49 11 13 d6 7d fe cb b1 65 00 1d 85 c2 ef a5 33 35 78 00 b8 a1 0a 9d 02 4b 06 45<br>EAP: deinitialize previously used EAP method (13, TLS) at EAP deinit<br>ENGINE: engine deinit<br>MPPE keys OK: 1 mismatch: 0<br>SUCCESS<br><br>using the following eap-tls.conf<br># eapol_test -c eap-tls.conf -s testing123<br>#<br>network={<br> key_mgmt=IEEE8021X<br> eap=TLS<br> eapol_flags=0<br> eap_workaround=0<br> identity="bob"<br> ca_cert="/etc/pki/CA/cacert.pem" <br> client_cert="/etc/pki/CA/bob.der" <br> private_key="/etc/pki/CA/bob.key"<br> private_key_passwd="abc123"<br> #<br> # Uncomment the following to perform server certificate validation.<br> ca_cert="/etc/pki/CA/cacert.pem"<br><br>}<br><br>My problem is the following error message when running eapol_test<br><br>TLS: Trusted root certificate(s) loaded<br>OpenSSL: SSL_use_certificate_file (DER) --> OK<br>OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag<br>OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error<br>OpenSSL: pending error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag<br>OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error<br>OpenSSL: pending error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib<br>OpenSSL: pending error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag<br>OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error<br>OpenSSL: pending error: error:140CB00D:SSL routines:SSL_use_PrivateKey_file:ASN1 lib<br>OpenSSL: SSL_use_PrivateKey_File (PEM) --> OK<br>SSL: Private key loaded successfully<br>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected<br><br>I would like to know if this means that my certificates are not valid even if the eapol_test seems successful. I was not able to find any information on the meaning of these messages. These messages are similar to what I have when I run the wpa_supplicant from my client machine. Since I am not able to authenticate from wpa_supplicant (failed to private key), I think that it might be possible that the certificate are wrong.<br><br><br>wpa_supplicant.conf<br>ap_scan=0<br>network={<br> key_mgmt=WPA-EAP<br> eap=TLS<br> identity="bob"<br> ca_cert="/etc/ssl/demoCA/cacert.pem" <br> client_cert="/etc/ssl/demoCA/certs/bob.pem" <br> private_key="/etc/ssl/demoCA/private/bob.key"<br> private_key_passwd="abc123"<br> eapol_flags=0<br>}<br><br>wpa_supplicant -c /etc/wpa_supplicant.conf -D wired -i br0<br><br><br>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13<br>OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error<br>OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib<br>OpenSSL: pending error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag<br>OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error<br>OpenSSL: pending error: error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib<br>OpenSSL: pending error: error:140CB00D:SSL routines:SSL_use_PrivateKey_file:ASN1 lib<br>OpenSSL: pending error: error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error<br>OpenSSL: pending error: error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error<br>OpenSSL: pending error: error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib<br>OpenSSL: pending error: error:140CB009:SSL routines:SSL_use_PrivateKey_file:PEM lib<br>OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag<br>OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error<br>OpenSSL: Failed to load private key<br><br><br>Thanks for your help<br>Stephane<br><br> </div></body>
</html>