Buy SSL Certificates for PEAP
Hi ! Can anybody give me a hint on how to configure the eap.conf file when I have a certificate signed by thawte.com (21-Day Free SSL Trial Certificate) ? Read somewhere that I have to convert the certificate from DER to PEM, but trying to use this cammand fails : openssl x509 -in somecertificate.cer -inform DER -out somecertificate.pem Thanx
You also need to specify "-outform PEM". On Tue, 2006-06-27 at 13:53, VannMann32 . wrote:
Hi !
Can anybody give me a hint on how to configure the eap.conf file when I have a certificate signed by thawte.com (21-Day Free SSL Trial Certificate) ?
Read somewhere that I have to convert the certificate from DER to PEM, but trying to use this cammand fails :
openssl x509 -in somecertificate.cer -inform DER -out somecertificate.pem
Thanx
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi !
You also need to specify "-outform PEM".
# openssl x509 -in somecertificate.cer -inform DER -out somecertificate.pem -outform PEM unable to load certificate 88876:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:946: 88876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:304:Type=X509
Are you sure your certificate isn't already in PEM format? --Mike On Jun 27, 2006, at 4:32 PM, VannMann32 . wrote:
Hi !
You also need to specify "-outform PEM".
# openssl x509 -in somecertificate.cer -inform DER -out somecertificate.pem -outform PEM unable to load certificate 88876:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/ asn1/tasn_dec.c:946: 88876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/ crypto/asn1/tasn_dec.c:304:Type=X509
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
Hi !
Are you sure your certificate isn't already in PEM format?
How can I verify which format the certificate is in ? # openssl x509 -in somecertificate.cer -text Certificate: Data: Version: 3 (0x2) Serial Number: 69:4c:8a:74:b7:45:cd:7f:cd:47:71:b8:c0:f2:60:6a Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=FOR TESTING PURPOSES ONLY, O=Thawte Certification, OU=TEST TEST TEST, CN=Thawte Test CA Root Validity Not Before: Jun 27 20:00:54 2006 GMT Not After : Jul 18 20:00:54 2006 GMT Subject: C=XX, ST=XXXXX, L=XXXXX, O=XXXXXX, OU=XXXXXX, CN=XXXXXXXX Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ce:0c:00:a5:88:d5:f7:f2:b8:c5:7d:f3:9d:0a: 0e:44:28:ee:fc:b0:78:c9:d0:1e:f2:cf:cf:2f:cc: 6f:bc:87:06:f4:eb:aa:a3:3d:8d:d5:d8:60:54:8e: 78:c3:2b:a5:fc:f5:fa:97:ea:d3:17:20:00:07:62: 25:1a:8f:cf:41:9e:ba:59:a7:c3:75:a0:ae:4c:9c: 69:4f:52:c3:7c:51:d7:2e:70:63:1e:d5:79:97:d7: b3:81:94:d8:4f:cf:f1:5c:9c:ab:c5:e2:f5:82:70: 34:f0:8b:e8:70:a0:ce:27:b4:26:fc:16:b5:6c:64: fd:f5:99:94:f8:ad:63:a7:41 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: URI:http://crl.thawte.com/ThawtePremiumServerCA.crl Authority Information Access: OCSP - URI:http://ocsp.thawte.com
By default, OpenSSL uses PEM format, so if you didn't specify a certificate format of DER, then its a PEM encoded cert. If you look at the cert in a text viewer/editor, you'll see lines that have "--- BEGIN CERTIFICATE---" and "---END CERTIFICATE---" if its PEM encoded. --Mike On Jun 28, 2006, at 2:53 AM, VannMann32 . wrote:
Hi !
Are you sure your certificate isn't already in PEM format?
How can I verify which format the certificate is in ?
# openssl x509 -in somecertificate.cer -text Certificate: Data: Version: 3 (0x2) Serial Number: 69:4c:8a:74:b7:45:cd:7f:cd:47:71:b8:c0:f2:60:6a Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=FOR TESTING PURPOSES ONLY, O=Thawte Certification, OU=TEST TEST TEST, CN=Thawte Test CA Root Validity Not Before: Jun 27 20:00:54 2006 GMT Not After : Jul 18 20:00:54 2006 GMT Subject: C=XX, ST=XXXXX, L=XXXXX, O=XXXXXX, OU=XXXXXX, CN=XXXXXXXX Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ce:0c:00:a5:88:d5:f7:f2:b8:c5:7d:f3:9d:0a: 0e:44:28:ee:fc:b0:78:c9:d0:1e:f2:cf:cf:2f:cc: 6f:bc:87:06:f4:eb:aa:a3:3d:8d:d5:d8:60:54:8e: 78:c3:2b:a5:fc:f5:fa:97:ea:d3:17:20:00:07:62: 25:1a:8f:cf:41:9e:ba:59:a7:c3:75:a0:ae:4c:9c: 69:4f:52:c3:7c:51:d7:2e:70:63:1e:d5:79:97:d7: b3:81:94:d8:4f:cf:f1:5c:9c:ab:c5:e2:f5:82:70: 34:f0:8b:e8:70:a0:ce:27:b4:26:fc:16:b5:6c:64: fd:f5:99:94:f8:ad:63:a7:41 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: URI:http://crl.thawte.com/ThawtePremiumServerCA.crl
Authority Information Access: OCSP - URI:http://ocsp.thawte.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
Hello !
By default, OpenSSL uses PEM format, so if you didn't specify a certificate format of DER, then its a PEM encoded cert. If you look at the cert in a text viewer/editor, you'll see lines that have "--- BEGIN CERTIFICATE---" and "---END CERTIFICATE---" if its PEM encoded.
The certificate is in PEM format. Isn't there anybody that can verify how the eap.conf file should be ? tls { # private_key_password = XXXXXXXXX # private_key_file = ${raddbdir}/certs/somecertificate.cer certificate_file = ${raddbdir}/certs/somecertificate.cer CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random # fragment_size = 1024 # include_length = yes # check_crl = yes # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" # check_cert_cn = %{User-Name} # cipher_list = "DEFAULT" }
participants (3)
-
Michael Griego -
VannMann32 . -
Vineet Verma