[MSCHAP/PEAP/EAP-TLS] Default example certificate error

Pete Flynt peteflynt at hotmail.com
Wed Jun 1 16:22:40 CEST 2005

Hi again,

On my quest to get FreeRadius working with Active Directory, I am now stuck 
in the TLS section.

Following some posts on the list, ntlm_auth requires mschapv2, and mschapv2 
requires peap, which needs tls to work!

So I tried this but without success. I'm using the default example 
certificates. It looks like the errors are in the source files.

That's what I get when executing radiusd:

tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "(null)"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "SecretKeyPass77"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
4121:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
4121:error:0200100E:system library:fopen:Bad 
4121:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
4121:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system 
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.

What could be wrong? I just followed the description of the conf files and 
some hints on the list here.

