Stephane Brodeur wrote:
I am a newbie to Freeradius and I am having a real hard time to implement EAP-TLS using self-signed certificate.
Why? The server comes with scripts that create self-signed certs. See raddb/certs. If you search google for "freeradius eap-tls howto", the first link is this: http://freeradius.org/doc/EAPTLS.pdf
[root@localhost CA]# eapol_test -c /opt/EAP-RADIUS/eap-tls.conf -s testing123, I have the following results:
Ask the wpa_supplicant people how their software works. This is the *freeradius* list.
My problem is the following error message when running eapol_test
TLS: Trusted root certificate(s) loaded OpenSSL: SSL_use_certificate_file (DER) --> OK OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error OpenSSL: pending error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
Well... the certificate is wrong. If you had use the generation scripts in raddb/certs, you wouldn't have this problem. See also http://deployingradius.com/, which contains *detailed* instructions for getting EAP to work. Alan DeKok.