Well, I've searched everywhere, and I can't figure this out. I admit, I'm new to all this. I have built/installed freeradius 1.1.0. My openssl is version 0.9.6b-29. I used the defaults everywhere, (ie ./configure, etc). I created my own CA and my own server and client certificates using openssl. (I do NOT have CA.pl and I'm danged if I can find it...) I've created other certs that I use for email and S/MIME and they work fine. However, when I try to install these radius.pem certs and run radiusd -X, I get the following output; ------------------------------------------------------------------- <snip....> rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/ozradiusSRVR-cert.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/ozradiusSRVR-cert.pem" tls: CA_file = "/usr/local/etc/raddb/certs/ozcacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap_tls: Loading the certificate file as a chain 8760:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE 8760:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: ANY PRIVATE KEY 8760:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:missing asn1 eos:ssl_rsa.c:707: rlm_eap_tls: Error reading private key file rlm_eap: Failed to initialize type tls radiusd.conf[10]: eap: Module instantiation failed. ------------------------------------------------------------------------------------------- I compared my ozradiusSRVR-cert.pem to the default cert-srv.pem file, and the format is very different, even tho they are both .pem files...... I turned on the default cert-srv.pem file in eap.conf, and of course it works just fine. However, when I point eap.conf to MY .pem certs, I always get that error and I can NOT figure out what to do next. Can anyone help me out here? This is probably a stupid neophyte question, but I really need to get this to work, and I can NOT use the default certs for obvious security reasons. Any help would be appreciated. Regards, Don xoomrox@comcast.net
participants (2)
-
Alan DeKok -
Don Osburn