problem with certificate

lvizcardof at unsa.edu.pe lvizcardof at unsa.edu.pe
Thu Nov 15 15:54:55 CET 2007


Hello.
I create mi certificate with openssl its version is openssl-0.9.7f-7.10.
============
The configuration from eap.conf is

  eap {
                 default_eap_type = ttls
                 timer_expire     = 60
                 ignore_unknown_eap_types = no
                 cisco_accounting_username_bug = no
                 md5 {
                 }

                 tls {
                         private_key_password = whatever
                         private_key_file = /CA/cert-srv-key.pem
                         certificate_file = /CA/cert-srv.pem
                         CA_file = /CA/cacert.pem
                         dh_file = ${raddbdir}/certs/dh
                         random_file = ${raddbdir}/certs/random
                      }
                ttls {
                         default_eap_type = md5
                         copy_request_to_tunnel = no
                      }
                peap {
                         default_eap_type = mschapv2
                 }
                 mschapv2 {
                 }
           }
=============================
When I run radiusd it show the followin mistake
recated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
  exec: wait = yes
  exec: program = "(null)"
  exec: input_pairs = "request"
  exec: output_pairs = "(null)"
  exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
  pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
  mschap: use_mppe = yes
  mschap: require_encryption = no
  mschap: require_strong = no
  mschap: with_ntdomain_hack = no
  mschap: passwd = "(null)"
  mschap: authtype = "MS-CHAP"
  mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
  unix: cache = no
  unix: passwd = "(null)"
  unix: shadow = "(null)"
  unix: group = "(null)"
  unix: radwtmp = "/var/log/radius/radwtmp"
  unix: usegroup = no
  unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
  eap: default_eap_type = "md5"
  eap: timer_expire = 60
  eap: ignore_unknown_eap_types = no
  eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
  tls: rsa_key_exchange = no
  tls: dh_key_exchange = yes
  tls: rsa_key_length = 512
  tls: dh_key_length = 512
  tls: verify_depth = 0
  tls: CA_path = "(null)"
  tls: pem_file_type = yes
  tls: private_key_file = "/CA/cert-srv-key.pem"
  tls: certificate_file = "/CA/cert-srv.pem"
  tls: CA_file = "/CA/cacert.pem"
  tls: private_key_password = "whatever"
  tls: dh_file = "/etc/raddb/certs/dh"
  tls: random_file = "/etc/raddb/certs/random"
  tls: fragment_size = 1024
  tls: include_length = yes
  tls: check_crl = no
  tls: check_cert_cn = "(null)"
6592:error:0906D06C:PEM routines:PEM_read_bio:no start  
line:pem_lib.c:642:Expecting: CERTIFICATE
6592:error:0906D06C:PEM routines:PEM_read_bio:no start  
line:pem_lib.c:642:Expecting: CERTIFICATE
6592:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM  
lib:ssl_rsa.c:536:
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[3]: eap: Module instantiation failed.
=======================
If any have the same problem and have the solution, write me.



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.





More information about the Freeradius-Users mailing list