27 Dec
2019
27 Dec
'19
1:23 a.m.
Hi, Thanks to Alan and arjun's kind help. Now I found the reason, I am doing cross-compile, my openssl on target disable des, so missing pkcs12. while the server.pem is generated on host with pkcs12. On 12/26/19 1:03 AM, arjun sharma wrote: > Hi , > > It's not like that other tools are used openssl is the most enriched and > hardly miss any available cipher suite. > > The issue with your configuration is clear from the confirmation itself > private_key_file = "/etc/raddb/certs/server.pem" > certificate_file = "/etc/raddb/certs/server.pem" > > You have used server.pem as certificate as well as private key . It seems > to be certificate file so doesn't contain private key this is the reason of > non readability of private key > > On Wed, Dec 25, 2019, 8:18 PM Alan DeKok <aland@deployingradius.com> wrote: > >> On Dec 25, 2019, at 4:38 AM, Changqing Li <changqing.li@windriver.com> >> wrote: >>> I met below error when run "/usr/sbin/radiusd -C -X", Could someone >> experts at this help to >>> give me some hint what configuration maybe wrong? Thanks >> The message isn't perfect, but it's clear: >> >>> tls: Failed reading private key file "/etc/raddb/certs/server.pem" >>> tls: error:0607606B:digital envelope >> routines:PKCS5_v2_PBE_keyivgen:unsupported cipher >> >> The private key in the "server.pem" file is encrypted with an >> unsupported cipher. >> >> OpenSSL supports many ciphers, but not every possible one. >> >> Where did you get this key from? What tools created it? It's clearly >> not created by the tools that come with FreeRADIUS. >> >> Use the built-in tools. They work. >> >> Alan DeKok. >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html