----- Message d'origine ----
De : Sergio <sergioyebenes@alumnos.upm.es>
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Envoyé le : Dimanche, 13 Juillet 2008, 16h09mn 34s
Objet : Re: certificate client.* non valid on windows XP
Reveal MAP escribió:
> hi,
>
> I use freeradius 2.0.5 and openSUSE 10.3
>
> i ran "bootstrap" script + "make client.pem", "make.client.p12",
> - I imported "ca.der" on my xp laptop, located at the CA Authorithy
> containeer.
> I imported server.p12 too (just to verify the signature) and
> everything is Ok
> - But when i import client.p12, windows says me this certificated is
> not valid! and i dont know why.
>
> I executed two commands: server.vrfy and client.vrfy, hoping their
> output
(below) could help.
>
>
> Thank you for helping
> -------------------------------------------------------------------------------------------------
> linux:/etc/raddb/certs # make server.vrfy
> openssl verify -CAfile ca.pem server.pem
> server.pem: OK
>
>
> make client.vrfy
> openssl pkcs12 -export -in server.crt -inkey server.key -out
> server.p12 -passin pass:`grep output_password server.cnf | sed
> 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf |
> sed 's/.*=//;s/^ *//'`
> openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep
> output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout
> pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
> MAC verified OK
> openssl pkcs12 -export -in client.crt -inkey client.key -out
> client.p12 -passin pass:`grep output_password
client.cnf | sed
> 's/.*=//;s/^ *//'` -passout pass:`grep output_password client.cnf |
> sed 's/.*=//;s/^ *//'`
> openssl pkcs12 -in client.p12 -out client.pem -passin pass:`grep
> output_password client.cnf | sed 's/.*=//;s/^ *//'` -passout
> pass:`grep output_password client.cnf | sed 's/.*=//;s/^ *//'`
> MAC verified OK
> cp client.pem `grep emailAddress client.cnf | grep '@' | sed
> 's/.*=//;s/^ *//'`.pem
> c_rehash .
> Doing .
> 02.pem => eee97f35.0
> WARNING: Skipping duplicate certificate
user@example.com.pem> client.pem => 583a9f4b.0
> 01.pem => dcd1729a.0
> WARNING: Skipping duplicate certificate
user2@example.com.pem> server.pem => dcd1729a.1
> WARNING: Skipping
duplicate certificate 03.pem
> WARNING: Skipping duplicate certificate 04.pem
> ca.pem => 23537b55.0
> openssl verify -CApath . client.pem
> client.pem: OK
>
> ------------------------------------------------------------------------
> Envoyé avec Yahoo! Mail
> <
http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html>.
> Une boite mail plus intelligente.
>
> __________ Informaci�n de NOD32, revisi�n 3263 (20080711) __________
>
> Este mensaje ha sido analizado con NOD32 antivirus system
>
http://www.nod32.com>
------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html>
>
> __________ Información de NOD32, revisión 3263 (20080711) __________
>
> Este mensaje ha sido analizado con NOD32 antivirus system
>
http://www.nod32.com