On Mar 1, 2022, at 9:32 AM, IƱigo Vicente <ivicente@bexencardio.com> wrote:
Can I use Der format for certificates?
OpenSSL uses PEM. It's trivial to convert them from one format to another. So there's no reason to try to "force" it to use one format.
When I try to use DER certificates I get this error on freeradius:
(8) eap_tls: ERROR: (TLS) Alert write:fatal:decode error (8) eap_tls: ERROR: (TLS) Server : Error in error (8) eap_tls: ERROR: (TLS) Failed reading from OpenSSL: error:1417C087:SSL routines:tls_process_client_certificate:cert length mismatch
That really has nothing to do with the certificate format. Once the certificate is loaded by OpenSSL, it's sent across the wire in a different format. Plus, this complaint is about the *client* certificate. Not the certificate on the server. Alan DeKok.