openssl certificate, need help

Collen Blijenberg collen at mail.hermanjordan.nl
Fri Sep 1 16:45:51 CEST 2006 

Could someone help me out pleas...

we're trying to make our wpa-wlan work, but currently i'm stuck with the
certificates part of tls.

i'd tried running CA.all, but the script gives me error's. (freeradius 
1.1.3)

-----------------
+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out 
root.p12 -cacerts -passin pass:whatever -passout pass:whatever
Error opening input file demoCA/cacert.pem
demoCA/cacert.pem: No such file or directory
+ openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever 
-passout pass:whatever
Error opening input file root.p12
root.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in root.pem -out root.der
Error opening Certificate root.pem
20898:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:278:fopen('root.pem','r')
20898:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
unable to load certificate
--------------------

in the script dir there is no demoCA en no cacert.pam?! also, the CA.all 
script has a rm -rf demoCA.
so if i comment the 'rm' out, copied the default demoCA and cacert.pam 
from my working installation
(version 1.0.2 that was shipped with fedora, and has certificates for 
localhost)

and gues what, another error:

-------------------------------
+ openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out 
root.p12 -cacerts -passin pass:whatever -passout pass:whatever
No certificate matches private key
+ openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever 
-passout pass:whatever
21004:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too 
long:asn1_lib.c:140:
+ openssl x509 -inform PEM -outform DER -in root.pem -out root.der
unable to load certificate
21005:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:642:Expecting: TRUSTED CERTIFICATE
+ echo -e ''
---------------------------------

dunno where to go now!? is there some help on how to make the 
certificate thing work for tls, and windowsxpsp2 clients ??

Thx

Collen

More information about the Freeradius-Users mailing list