[MSCHAP/PEAP/EAP-TLS] Default example certificate error

A.L.M.Buxey at lboro.ac.uk
Wed Jun 1 20:20:35 CEST 2005


Hi,

> tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
> tls: certificate_file = "(null)"
> tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
> tls: private_key_password = "SecretKeyPass77"
> tls: dh_file = "/usr/local/etc/raddb/certs/dh"
> tls: random_file = "/dev/urandom"
> tls: fragment_size = 1024
> tls: include_length = yes
> tls: check_crl = no
> tls: check_cert_cn = "(null)"
> 4121:error:0906D06C:PEM routines:PEM_read_bio:no start 
> line:pem_lib.c:632:Expecting: CERTIFICATE
> 4121:error:0200100E:system library:fopen:Bad 
> address:bss_file.c:259:fopen('','r')
> 4121:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
> 4121:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system 
> lib:ssl_rsa.c:513:
> rlm_eap_tls: Error reading certificate file
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

That's what's wrong. I see above you are telling it to use:
/usr/local/etc/raddb/certs/demoCA/cacert.pem  and
/usr/local/etc/raddb/certs/cert-srv.pem

Are those files in the right format? Those 4 or 5 lines above
the final error don't seem happy. What about read permissions
for that directory and its files? Can the FreeRADIUS user read them?

alan
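
The checks asked about in this reply (is each configured file PEM of the expected type, and can the server's account read it), as an added shell example that is not part of the original post. The function names `check_pem` and `check_tls_section` and the verdict words are made up for illustration.

```shell
#!/bin/sh
# check_pem PATH KIND_REGEX: print a one-word verdict; return 0 only for "ok".
# KIND_REGEX is an ERE for the PEM block type expected in the file.
check_pem() {
    path=$1 kind=$2
    # An option left unset is logged as "(null)" and reaches fopen() as ''.
    if [ -z "$path" ] || [ "$path" = "(null)" ]; then echo unset; return 1; fi
    [ -e "$path" ] || { echo missing; return 1; }
    # -r tests the calling user, so run this as the account radiusd uses.
    [ -r "$path" ] || { echo unreadable; return 1; }
    # "no start line ... Expecting: CERTIFICATE" is OpenSSL finding no
    # matching "-----BEGIN ...-----" line (DER or a different PEM type).
    if grep -Eq -- "^-----BEGIN ($kind)-----" "$path" 2>/dev/null; then
        echo ok; return 0
    fi
    echo wrong-format; return 1
}

# check_tls_section CERT KEY CA: one line per option; returns failure count.
check_tls_section() {
    fails=0
    v=$(check_pem "$1" 'CERTIFICATE') || fails=$((fails + 1))
    echo "certificate_file: $v"
    v=$(check_pem "$2" '(RSA |ENCRYPTED )?PRIVATE KEY') || fails=$((fails + 1))
    echo "private_key_file: $v"
    v=$(check_pem "$3" 'CERTIFICATE') || fails=$((fails + 1))
    echo "CA_file: $v"
    return "$fails"
}

# Usage with the values from the debug output quoted above:
#   check_tls_section '(null)' \
#       /usr/local/etc/raddb/certs/cert-srv.pem \
#       /usr/local/etc/raddb/certs/demoCA/cacert.pem
```

Running it as root hides permission problems, because root passes the `-r` test on files the server's own account may not be able to open.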


