Eap-Tls Problem
Matteo Lazzarini
mlazzarini at crema.unimi.it
Tue Aug 22 13:24:30 CEST 2006
Alan DeKok wrote:
>Matteo Lazzarini <mlazzarini at crema.unimi.it> wrote:
>
>
>>I made server cert with this script:
>>
>>
>
> The server comes with scripts to generate the certs with the correct
>OID's. See the "scripts" directory.
>
> Alan DeKok.
>--
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
Hi, when I ran the server script I saw this:
********************************************************************************
Creating client private key and certificate
When prompted enter the client name in the Common Name field. This is
the same
used as the Username in FreeRADIUS
*********************************************************************************
Generating a 1024 bit RSA private key
.......++++++
...............++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [IT]:
State or Province Name (full name) [ITALY]:
Locality Name (eg, city) []:Bxxxxxxxx
Organization Name (eg, company) [Grupxxxxx]:
Second Organization Name (eg, company) [802.1x Authentication]:
Organizational Unit Name (eg, section) []:xxxx xxx
Common Name (eg, YOUR name) []:matteo
Email Address []:matteo at xxxxxxxxxxx
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:whatever
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
bd:b5:64:ad:c1:0b:34:50
Validity
Not Before: Aug 22 09:18:19 2006 GMT
Not After : Aug 22 09:18:19 2007 GMT
Subject:
countryName = IT
stateOrProvinceName = ITALY
localityName = Bxxxxxx
organizationName = Grupxxxxxx
organizationName = 802.1x Authentication
organizationalUnitName = xxxx xxxx
commonName = matteo
emailAddress = matteo at xxxxxxxx
*X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication*
Certificate is to be certified until Aug 22 09:18:19 2007 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK
Why don't I see the *X509v3 extensions* and *X509v3 Extended Key Usage*?
Where are the faults in the CA.clt and CA.srv scripts?
Thanks
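
One way to confirm whether an issued certificate file actually carries the Extended Key Usage shown in the signing summary above. This is an added example, not part of the original message or of the FreeRADIUS scripts. The function names, file names and the throwaway self-signed test certificate are constructed for illustration, and the OpenSSL command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: names and the throwaway certificate below are constructed.

# check_eku CERT_PEM PURPOSE
# Succeeds only if the certificate file itself lists PURPOSE under
# "X509v3 Extended Key Usage" (e.g. 'TLS Web Client Authentication').
check_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' |
        grep -q -- "$2"
}

# make_test_cert PREFIX [EKU]
# Writes PREFIX.key and PREFIX.pem: a one-day self-signed test certificate.
# EKU is an OpenSSL short name (clientAuth, serverAuth); omit it to get a
# certificate without the extension, which is the failure case to detect.
make_test_cert() {
    eku_line=""
    if [ -n "${2:-}" ]; then eku_line="extendedKeyUsage = $2"; fi
    cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-test-cert
[ext]
basicConstraints = CA:FALSE
$eku_line
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

# Direct use: sh check_eku.sh client.pem 'TLS Web Client Authentication'
if [ "$#" -eq 2 ]; then
    if check_eku "$1" "$2"; then
        echo "$1: '$2' present"
    else
        echo "$1: '$2' MISSING from Extended Key Usage"
        exit 1
    fi
fi
```

If the script left only a PKCS#12 bundle, extract the certificate to PEM first (for example with `openssl pkcs12 -clcerts -nokeys`) and run the check on that file.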