Hi , It's not like that other tools are used openssl is the most enriched and hardly miss any available cipher suite. The issue with your configuration is clear from the confirmation itself private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" You have used server.pem as certificate as well as private key . It seems to be certificate file so doesn't contain private key this is the reason of non readability of private key On Wed, Dec 25, 2019, 8:18 PM Alan DeKok <aland@deployingradius.com> wrote:
On Dec 25, 2019, at 4:38 AM, Changqing Li <changqing.li@windriver.com> wrote:
I met below error when run "/usr/sbin/radiusd -C -X", Could someone experts at this help to
give me some hint what configuration maybe wrong? Thanks
The message isn't perfect, but it's clear:
tls: Failed reading private key file "/etc/raddb/certs/server.pem" tls: error:0607606B:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported cipher
The private key in the "server.pem" file is encrypted with an unsupported cipher.
OpenSSL supports many ciphers, but not every possible one.
Where did you get this key from? What tools created it? It's clearly not created by the tools that come with FreeRADIUS.
Use the built-in tools. They work.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html