Hello list.
 
I am sorry about my poor english skills but hope i could be understood anyway.
 
I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, my users in the "/etc/raddb/users" file are able to authenticate without no problem.
 
i intend to use eap-tls and eap-peap to authenticate my users. to do so, i read this tutorial: http://www.wi-fiplanet.com/tutorials/article.php/3557251 (two sheets) which is very helpfull.
 
but on the second part of the tuto, i encounter a problem with the extensions part:
- it is said to create a file named "extensions" (my case /etc/pki/tls/extensions) and to copy that lines into:
 
[ xpclient_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1

 

and then to modify my previous certificate like that:

# openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreq.pem
# openssl ca -out client_cert.pem -extensions xpserver -infiles ./clientreq.pem

 

when i do this, the system give me an error message:

[root@ensiasra ensiasCA]# pwd
/etc/pki/CA/ensiasCA
[root@ensiasra ensiasCA]# openssl ca -out certs/ensias_cert.pem -extensions xpserver_ext -infiles certs/radiusserverreq.pem
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
Error Loading extension section xpserver_ext
4230:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
[root@ensiasra ensiasCA]#

 

i suppose i have problem creating extensions....

there's a long time i try to fix it (and some many before), and right now, i come and ask your help to fix it.

 

thanx for helping

 


 

MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
20000 Oulfa
Casablanca - Maroc

 

Tél. : +212 69 25 85 70


__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail