radiusd will NOT parse my certificate
Don Osburn
xoomrox at comcast.net
Thu Mar 23 19:55:40 CET 2006
Well, I've searched everywhere, and I can't figure this out. I admit, I'm
new to all this.
I have built/installed freeradius 1.1.0. My openssl is version 0.9.6b-29.
I used the defaults everywhere (i.e. ./configure, etc.).
I created my own CA and my own server and client certificates using openssl.
(I do NOT have CA.pl and I'm danged if I can find it...) I've created other
certs that I use for email and S/MIME and they work fine. However, when I
try to install these radius.pem certs and run radiusd -X, I get the
following output:
-------------------------------------------------------------------
<snip....>
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/ozradiusSRVR-cert.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/ozradiusSRVR-cert.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/ozcacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
8760:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE
8760:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: ANY PRIVATE KEY
8760:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:missing asn1 eos:ssl_rsa.c:707:
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[10]: eap: Module instantiation failed.
-------------------------------------------------------------------------------------------
I compared my ozradiusSRVR-cert.pem to the default cert-srv.pem file, and
the format is very different, even though they are both .pem files... I
turned on the default cert-srv.pem file in eap.conf, and of course it works
just fine. However, when I point eap.conf to MY .pem certs, I always get
that error and I can NOT figure out what to do next.
Can anyone help me out here? This is probably a stupid neophyte question,
but I really need to get this to work, and I can NOT use the default certs
for obvious security reasons.
Any help would be appreciated.
Regards,
Don
xoomrox at comcast.net
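
Added example, not part of the original post and not FreeRADIUS code: the two "no start line" errors in the output above are raised when OpenSSL's PEM reader finds no `-----BEGIN ...-----` line of the type it expects. This Python sketch lists the PEM blocks a file contains and reports whether one file can serve as both certificate_file and private_key_file, as configured above; the sample inputs are constructed, and the label set and the binary heuristic are assumptions covering common cases.

```python
import re

# A PEM block opens with a line of the form -----BEGIN <LABEL>-----
PEM_BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)
# Assumption: common private-key labels; not an exhaustive list.
KEY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY",
              "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def pem_labels(data: bytes) -> list:
    """Labels of every PEM block whose BEGIN line has a matching END line."""
    labels = []
    for m in PEM_BEGIN.finditer(data):
        label = m.group(1)
        if b"-----END " + label + b"-----" in data[m.end():]:
            labels.append(label.decode())
    return labels

def diagnose(data: bytes) -> dict:
    """Can this one file serve as both certificate_file and private_key_file?"""
    labels = pem_labels(data)
    return {
        "labels": labels,
        "has_certificate": "CERTIFICATE" in labels,
        "has_private_key": any(l in KEY_LABELS for l in labels),
        # Heuristic: 0x30 0x82 is an ASN.1 SEQUENCE header, typical of binary
        # DER or PKCS#12 data, which contains no PEM start line at all.
        "looks_binary": data[:2] == b"\x30\x82",
    }

def _block(label: str) -> bytes:
    """Constructed sample block; the body is a placeholder, not real key material."""
    return (f"-----BEGIN {label}-----\nY29uc3RydWN0ZWQ=\n"
            f"-----END {label}-----\n").encode()

SAMPLE_COMBINED = _block("CERTIFICATE") + _block("RSA PRIVATE KEY")
SAMPLE_CERT_ONLY = b"Certificate:\n    Data:\n" + _block("CERTIFICATE")
SAMPLE_BINARY = b"\x30\x82\x03\x1f" + bytes(16)

if __name__ == "__main__":
    for name, data in [("combined", SAMPLE_COMBINED),
                       ("cert only", SAMPLE_CERT_ONLY),
                       ("binary", SAMPLE_BINARY)]:
        print(name, diagnose(data))
```

To check a real file, pass `open(path, "rb").read()` to `diagnose`.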