openssl fails

Adam Rogalski arogal at wp.pl
Thu Dec 29 09:29:19 CET 2005


you have to put the path to files which he can't find.


----- Original Message ----- 
From: "pelusa vali" <pelusitavali at hotmail.com>
To: <freeradius-users at lists.freeradius.org>
Sent: Thursday, December 29, 2005 12:34 AM
Subject: openssl fails


> hi everybody, well finally get install openssl v0.9.8a, now when i try to 
> generate certificates to be used with freeradius (eap-tls or eap-peap) i 
> use these command to CERTIFICATE AUTHORITY GENERATION:
>
> #openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin 
> pass:clue1 -passout pass:clue1
> #openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out 
> root.p12 -cacerts -passin pass:clue1 -passout pass:clue1
> #openssl pkcs12 -in root.p12 -out root.pem -passin pass:clue1 -passout 
> pass:clue1
>
> (i copied root.p12 from freeradius files)
>
> #openssl x509 -inform PEM -outform DER -in root.pem -out root.der
> #rm -rf newreq.pem
>
> and these to SERVER CERTIFICATE GENERATION:
>
> #openssl req -new -keyout newreq.pem -out newreq.pem -passin 
> pass:whatever -passout pass:clue1
> #openssl ca -policy policy_anything -out newcert.pem -passin 
> pass:whatever -key whatever -extensions xpserver_ext -extfile 
> xpextensions -infiles newreq.pem
>
> right here, when using this command i get this error:
>
> Error opening CA private key ./demoCA/private/cakey.pem
> 4161:error:02001002:system library:fopen:No such file or 
> directory:bss_file.c:349:fopen ('./demoCA/private/cakey.pem' ,'r')
> 4161:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
> unable to load CA private key
>
> well i really don't understand what this mean but reviewed 
> ./demoCA/private/cakey.pem and effectively it's there, so why openssl 
> cann't locate it?? why unable to load CA private key??
>
> so, i tried this:
>
> #openssl x509 -inform PEM -outform DER -in demoCA/cacert.pem -out 
> demoCA/cacert.der
>
> but now get this:
>
> 4201:error:0906D06C:PEM routines:PEM_read_bio:no start 
> line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
>
> excuse if this question is so trivial but i really don't understand it. 
> could any body help and tell me what is happening?? thanks for your 
> patience and help.
>
> _________________________________________________________________
> Las mejores tiendas, los precios mas bajos, entregas en todo el mundo, 
> YupiMSN Compras: http://latam.msn.com/compras/
>
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 




More information about the Freeradius-Users mailing list