EAP-TLS certificate

xia sihua walter.xia at gmail.com
Tue Apr 8 01:47:11 CEST 2008


> Message: 8
> Date: Sat, 05 Apr 2008 08:49:35 +0200
> From: Alan DeKok <aland at deployingradius.com>
> Subject: Re: EAP-TLS certificate
> To: FreeRadius users mailing list
>        <freeradius-users at lists.freeradius.org>
> Message-ID: <47F720FF.3040406 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> xia sihua wrote:
> ...
> > CA_file = ${cadir}/ca.pem
> > ....
> >
> >   The supplicant I use is TeraDot1x Tester from Spirent communication.
> > ...
> > Configuration:
> ...
> > Root Certificate Filename: server.pem
>
>  I think that should be "ca.pem".

Actually, it can only pass using the server.pem provided with the Spirent
certificates. If I replace it with the ca.pem provided by Spirent, it will fail.

>
> >   rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
> > TLS Alert read:fatal:unknown CA
>
>  Yes, the client is telling you that it doesn't know anything about ca.pem.
>
> > If I change Root Certificate Filename from server.pem to ca.pem, the
> > following error comes out.
> > ....
> >   eaptls_verify returned 11
> >   rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal bad_certificate
> > TLS Alert read:fatal:bad certificate
>
>  Ask the supplicant vendor why they don't like the certificate we provide.
>
> > If I use the certificates provided by Spirent, it can pass. I do not know why.
> > Any ideas?
>
>  Print out the spirent certificates, and post the result here.  Maybe
> there's some extra magic needed.
>
> $ openssl x509 -text -in spirent.crt
I have printed out the ca.pem, server.pem and client.pem provided by Spirent.
But server.pem and client.pem cannot pass verification using openssl. Please
see below.
[root at localhost test_spirent]# openssl x509 -text -in ca.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=CA, L=Calabasas, O=Spirent, OU=Engn, CN=Ivan Yeung/emailAddress=ivan.yeung at spirentcom.com
        Validity
            Not Before: Apr 29 01:15:25 2005 GMT
            Not After : Apr 28 01:15:25 2008 GMT
        Subject: C=US, ST=CA, L=Calabasas, O=Spirent, OU=Engn, CN=Ivan Yeung/emailAddress=ivan.yeung at spirentcom.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:5E:3D:62:CB:05:F2:02:9C:0D:74:B4:D7:98:CE:B5:15:3C:5F:9F
            X509v3 Authority Key Identifier:
                keyid:0F:5E:3D:62:CB:05:F2:02:9C:0D:74:B4:D7:98:CE:B5:15:3C:5F:9F
                DirName:/C=US/ST=CA/L=Calabasas/O=Spirent/OU=Engn/CN=Ivan Yeung/emailAddress=ivan.yeung at spirentcom.com
                serial:00

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
[root at localhost test_spirent]#


[root at localhost test_spirent]# openssl x509 -text -in server.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=CA, L=Calabasas, O=Spirent, OU=Engn, CN=Radius/emailAddress=radius at spirentcom.com
        Validity
            Not Before: Apr 29 01:19:08 2005 GMT
            Not After : Apr 28 01:19:08 2008 GMT
        Subject: C=US, ST=CA, L=Calabasas, O=Spirent, OU=Engn, CN=Radius/emailAddress=radius at spirentcom.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:72:80:A1:2E:2A:E0:0B:42:ED:B2:E0:3B:94:81:E4:6A:85:A2:FE
            X509v3 Authority Key Identifier:
                keyid:4E:72:80:A1:2E:2A:E0:0B:42:ED:B2:E0:3B:94:81:E4:6A:85:A2:FE
                DirName:/C=US/ST=CA/L=Calabasas/O=Spirent/OU=Engn/CN=Radius/emailAddress=radius at spirentcom.com
                serial:00

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
[root at localhost test_spirent]#


[root at localhost test_spirent]# openssl x509 -text -in client.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=CA, L=Calabasas, O=Spirent, OU=Engn, CN=Ivan Yeung/emailAddress=ivan.yeung at spirentcom.com
        Validity
            Not Before: Apr 29 01:15:25 2005 GMT
            Not After : Apr 28 01:15:25 2008 GMT
        Subject: C=US, ST=CA, L=Calabasas, O=Spirent, OU=Engn, CN=Ivan Yeung/emailAddress=ivan.yeung at spirentcom.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:5E:3D:62:CB:05:F2:02:9C:0D:74:B4:D7:98:CE:B5:15:3C:5F:9F
            X509v3 Authority Key Identifier:
                keyid:0F:5E:3D:62:CB:05:F2:02:9C:0D:74:B4:D7:98:CE:B5:15:3C:5F:9F
                DirName:/C=US/ST=CA/L=Calabasas/O=Spirent/OU=Engn/CN=Ivan Yeung/emailAddress=ivan.yeung at spirentcom.com
                serial:00

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
[root at localhost test_spirent]#


[root at localhost test_spirent]# openssl verify -CApath . client.pem
client.pem: /C=US/ST=CA/L=Calabasas/O=Spirent/OU=Engn/CN=Ivan Yeung/emailAddress=ivan.yeung at spirentcom.com
error 18 at 0 depth lookup:self signed certificate
OK
[root at localhost test_spirent]#

[root at localhost test_spirent]# openssl verify -CAfile ca.pem server.pem
server.pem: /C=US/ST=CA/L=Calabasas/O=Spirent/OU=Engn/CN=Radius/emailAddress=radius at spirentcom.com
error 18 at 0 depth lookup:self signed certificate
OK
[root at localhost test_spirent]#

>
>  Alan DeKok.
-- 
Best regards!
walter
***************************************
Nothing is impossible!
***************************************
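
Added example (not part of the original post and not FreeRADIUS or Spirent code): a Python check over the Issuer, Subject and key-identifier fields printed in the three dumps above, showing which file can act as the trusted root for which certificate. The sample dumps are rebuilt from the posted fields, and the helper names (`dump`, `parse`, `issued_by`, `usable_roots`) are hypothetical.

```python
import re

# Constructed from the fields printed in the post (wrapped lines joined, key and
# signature bytes left out). ca.pem and client.pem showed identical fields.
IVAN = ("C=US, ST=CA, L=Calabasas, O=Spirent, OU=Engn, "
        "CN=Ivan Yeung/emailAddress=ivan.yeung at spirentcom.com")
RADIUS = ("C=US, ST=CA, L=Calabasas, O=Spirent, OU=Engn, "
          "CN=Radius/emailAddress=radius at spirentcom.com")
SKI_IVAN = "0F:5E:3D:62:CB:05:F2:02:9C:0D:74:B4:D7:98:CE:B5:15:3C:5F:9F"
SKI_RADIUS = "4E:72:80:A1:2E:2A:E0:0B:42:ED:B2:E0:3B:94:81:E4:6A:85:A2:FE"

def dump(dn, ski):
    """Rebuild the relevant part of an `openssl x509 -text` dump (sample input)."""
    return (f"        Issuer: {dn}\n        Subject: {dn}\n"
            f"            X509v3 Subject Key Identifier:\n                {ski}\n"
            f"            X509v3 Authority Key Identifier:\nkeyid:{ski}\n"
            f"            X509v3 Basic Constraints:\n                CA:TRUE\n")

def parse(text):
    """Extract the fields used to link a certificate to its issuer."""
    def field(pattern):
        m = re.search(pattern, text)
        return m.group(1).strip() if m else None
    return {"issuer": field(r"Issuer:\s*(.+)"),
            "subject": field(r"Subject:\s*(.+)"),
            "ski": field(r"Subject Key Identifier:\s+([0-9A-F:]+)"),
            "aki": field(r"keyid:([0-9A-F:]+)"),
            "is_ca": "CA:TRUE" in text}

def is_self_signed(cert):
    # Issuer equals Subject and the authority key id points at the cert's own key.
    return cert["issuer"] == cert["subject"] and cert["aki"] == cert["ski"]

def issued_by(cert, ca):
    # Name and key-id chaining only; the signature is not verified here.
    return ca["is_ca"] and cert["issuer"] == ca["subject"] and cert["aki"] == ca["ski"]

def usable_roots(cert, candidates):
    """File names that would chain to `cert` if configured as the trusted root."""
    return [name for name, ca in candidates.items() if issued_by(cert, ca)]

CERTS = {"ca.pem": parse(dump(IVAN, SKI_IVAN)),
         "server.pem": parse(dump(RADIUS, SKI_RADIUS)),
         "client.pem": parse(dump(IVAN, SKI_IVAN))}

if __name__ == "__main__":
    for name, cert in CERTS.items():
        print(name, "self-signed:", is_self_signed(cert),
              "roots:", usable_roots(cert, CERTS))
```

On the posted values every file is a self-signed root, server.pem chains only to itself, and client.pem carries the same fields as ca.pem.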


