[MSCHAP/PEAP/EAP-TLS] Default example certificate error
Hi again, On my quest to get working FreeRadius with Active Directory, I am now stuck in the TLS section. Following some posts on the list ntlm_auth requires mschapv2 and mschapv2 requires peap which needs tls to work! So I tried this but without success. I'm using the default example certificates. It looks like the errors are in the source files. That's what I get when executing radiusd: tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "(null)" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "SecretKeyPass77" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/dev/urandom" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" 4121:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE 4121:error:0200100E:system library:fopen:Bad address:bss_file.c:259:fopen('','r') 4121:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261: 4121:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:513: rlm_eap_tls: Error reading certificate file rlm_eap: Failed to initialize type tls radiusd.conf[9]: eap: Module instantiation failed. What could be wrong? I just followed the description of the conf files and some hints on the list here. Regards, Pete _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
Hi,
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "(null)" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "SecretKeyPass77" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/dev/urandom" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" 4121:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE 4121:error:0200100E:system library:fopen:Bad address:bss_file.c:259:fopen('','r') 4121:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261: 4121:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:513: rlm_eap_tls: Error reading certificate file ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
thats whats wrong. I see abve you are telling it to use: /usr/local/etc/raddb/certs/demoCA/cacert.pem and /usr/local/etc/raddb/certs/cert-srv.pem are those files in the right format? that 4 or 5 lines above the final error dont seem happy. What about read permissions for that directory and its files? Can the FreeRADIUS user read them? alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Pete Flynt