Eap-Tls Problem

Matteo Lazzarini mlazzarini at crema.unimi.it
Tue Aug 22 13:24:30 CEST 2006

Alan DeKok wrote:

> Matteo Lazzarini <mlazzarini at crema.unimi.it> wrote:
> > I made the server cert with this script:
>   The server comes with scripts to generate the certs with the correct
> OID's.  See the "scripts" directory.
>   Alan DeKok.
Hi, when I ran the server script I saw this:

Creating client private key and certificate
When prompted enter the client name in the Common Name field. This is the same
used as the Username in FreeRADIUS

Generating a 1024 bit RSA private key
writing new private key to 'newreq.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [IT]:
State or Province Name (full name) [ITALY]:
Locality Name (eg, city) []:Bxxxxxxxx
Organization Name (eg, company) [Grupxxxxx]:
Second Organization Name (eg, company) [802.1x Authentication]:
Organizational Unit Name (eg, section) []:xxxx xxx
Common Name (eg, YOUR name) []:matteo
Email Address []:matteo at xxxxxxxxxxx

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:whatever
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            Not Before: Aug 22 09:18:19 2006 GMT
            Not After : Aug 22 09:18:19 2007 GMT
            countryName               = IT
            stateOrProvinceName       = ITALY
            localityName              = Bxxxxxx
            organizationName          = Grupxxxxxx
            organizationName          = 802.1x Authentication
            organizationalUnitName    = xxxx xxxx
            commonName                = matteo
            emailAddress              = matteo at xxxxxxxx
        *X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication*
Certificate is to be certified until Aug 22 09:18:19 2007 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK

Why don't I see the *X509v3 extensions* and *X509v3 Extended Key Usage*?
Where are the faults in the scripts CA.clt and CA.srv?
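Added example, not part of the original message and not the FreeRADIUS CA.clt / CA.srv scripts being discussed: a small POSIX shell script that builds a throwaway CA, signs one server and one client certificate with the extendedKeyUsage OIDs that 802.1X supplicants look for (1.3.6.1.5.5.7.3.1 serverAuth for the RADIUS server, 1.3.6.1.5.5.7.3.2 clientAuth for the user, the same two OIDs the FreeRADIUS xpextensions file sets), and then does the check the question above is really asking for: it prints the Extended Key Usage that actually landed in each certificate and runs openssl verify -purpose, which rejects a certificate whose EKU does not match the role it is used in. The config layout, file names, subject names (Example EAP CA, radius.example.org, matteo) and the WORK directory are assumptions made for this demo.

```shell
#!/bin/sh
# Constructed example: generate an EAP-TLS CA, server cert and client cert with
# explicit extendedKeyUsage OIDs, then inspect and verify what was actually issued.
set -e

WORK="${WORK:-$(mktemp -d)}"   # assumed scratch directory
CNF="$WORK/eap.cnf"

# Assumed config file. The three extension sections mirror what the FreeRADIUS
# xpextensions file does for server and client certs; the CA section is ours.
cat > "$CNF" <<'EOF'
[ req ]
distinguished_name = req_dn
prompt             = no

[ req_dn ]
# overridden by -subj on the command line
CN = placeholder

[ ca_ext ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ server_ext ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
# 1.3.6.1.5.5.7.3.1 = id-kp-serverAuth ("TLS Web Server Authentication")
extendedKeyUsage = 1.3.6.1.5.5.7.3.1

[ client_ext ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature
# 1.3.6.1.5.5.7.3.2 = id-kp-clientAuth ("TLS Web Client Authentication")
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
EOF

# Build CA, server and client. stderr (key-generation progress) is silenced;
# set -e still aborts on any failure.
gen_all() {
  openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$CNF" -extensions ca_ext -subj "/CN=Example EAP CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

  # Server: CSR, then sign with the server extension section.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$CNF" \
    -subj "/CN=radius.example.org" -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -sha256 -days 365 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$CNF" -extensions server_ext -out "$WORK/server.pem" 2>/dev/null

  # Client: the CN is the EAP-TLS username, as the script output above says.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$CNF" \
    -subj "/CN=matteo" -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/client.csr" -sha256 -days 365 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$CNF" -extensions client_ext -out "$WORK/client.pem" 2>/dev/null
}

# Print the Extended Key Usage value(s) of a PEM cert (empty if the extension
# is absent). Uses -text plus sed so it also works on OpenSSL older than 1.1.1.
eku_of() {
  openssl x509 -in "$1" -noout -text |
    sed -n '/X509v3 Extended Key Usage/{n;s/^[[:space:]]*//;p;}'
}

# Return 0 if the cert chains to our CA and its EKU/keyUsage allow the given
# purpose (sslserver or sslclient); this is the check a supplicant/server does.
fit_for() {
  openssl verify -purpose "$2" -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

gen_all
for c in ca server client; do
  printf '%-7s EKU: %s\n' "$c" "$(eku_of "$WORK/$c.pem")"
done
fit_for "$WORK/server.pem" sslserver && echo "server.pem: OK as sslserver"
fit_for "$WORK/client.pem" sslclient && echo "client.pem: OK as sslclient"
fit_for "$WORK/client.pem" sslserver || echo "client.pem: rejected as sslserver (EKU is clientAuth only)"
```

The output above already shows "TLS Web Client Authentication" in the signed client cert, so the fastest way to answer the question for any cert the scripts produced is `openssl x509 -in cert.pem -noout -text` and reading the X509v3 extensions block, which is what eku_of does. The verify step matters more in practice: a server cert without serverAuth is silently accepted by `openssl verify` without `-purpose`, but rejected once `-purpose sslserver` is given, which is the same rejection a Windows XP supplicant produces when the RADIUS server's certificate lacks that OID.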


