Certificate Error!
Kwok Sianbin
sianbin_kwok at yahoo.com
Sat Jul 5 11:27:18 CEST 2008
Hi Ivan,
I still can't get the certificate to work.
I'd changed the Issuer and subject but the outcome is still the same.
ca.cnf
default_ca = CA_default
[ CA_default ]
dir = ./
certs = $dir
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/ca.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/ca.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
default_days = 1095
default_crl_days = 730
default_md = md5
preserve = no
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
prompt = no
distinguished_name = certificate_authority
default_bits = 2048
input_password = 000
output_password = 000
x509_extensions = v3_ca
[certificate_authority]
countryName = FR
stateOrProvinceName = Radius
localityName = Somewhere
organizationName = Example Inc.
emailAddress = admin at example.com
commonName = MarsNet_CA
[v3_ca]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
client.cnf
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./
certs = $dir
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/server.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/server.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
default_days = 1095
default_crl_days = 730
default_md = md5
preserve = no
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
prompt = no
distinguished_name = client
default_bits = 2048
input_password = 000
output_password = 000
[client]
countryName = FR
stateOrProvinceName = Radius
localityName = Somewhere
organizationName = Example Inc.
emailAddress = user at example.com
commonName = MarsNet_CA
server.cnf
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./
certs = $dir
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/server.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/server.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
default_days = 1095
default_crl_days = 730
default_md = md5
preserve = no
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
prompt = no
distinguished_name = server
default_bits = 2048
input_password = Mars123
output_password = Mars123
[server]
countryName = FR
stateOrProvinceName = Radius
localityName = Somewhere
organizationName = Example Inc.
emailAddress = admin at example.com
commonName = MarsNet_CA
Where should I change?
--- On Wed, 6/11/08, Ivan Kalik <tnt at kalik.net> wrote:
From: Ivan Kalik <tnt at kalik.net>
Subject: Re: Certificate Error!
To: freeradius-users at lists.freeradius.org
Date: Wednesday, June 11, 2008, 11:42 PM
Issuer: ..., MarNet
Subject: ..., MarsNet
Check certificate details. It seems that there are some typing errors
there.
Ivan Kalik
Kalik Informatika ISP
On 11/6/2008, "Kwok Sianbin" <sianbin_kwok at yahoo.com> wrote:
>Hi Ivan,
>
>The date shows in Client Cert as word format and dates are correct.
>
>Here I attach Cert details tab.
>
>Root certificate is fine.. both client and root certificates were generated at the same time.
>
>Afterward I tried to connect but connection failed.
>
>--- On Tue, 6/10/08, Ivan Kalik <tnt at kalik.net> wrote:
>From: Ivan Kalik <tnt at kalik.net>
>Subject: Re: Certificate Error!
>To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
>Date: Tuesday, June 10, 2008, 4:59 PM
>
>What is the system date format on that XP: day/month/year or
>month/day/year? Click on the certificate details tab. Are dates printed
>as words or numbers?
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 10/6/2008, "Kwok Sianbin" <sianbin_kwok at yahoo.com> wrote:
>
>>Hi Ivan,
>>The dates are ok (up-to-date).
>>Here I attach the certificate
>>
>>
>>
>>----- Original Message ----
>>From: Ivan Kalik <tnt at kalik.net>
>>To: freeradius-users at lists.freeradius.org
>>Sent: Tuesday, June 10, 2008 12:00:33 AM
>>Subject: Re: Certificate Error!
>>
>>>and then copy ca.der, client.p12 then I install the certificate into Windows XP.
>>>
>>>When click the client certificate and it shows
>>>
>>>"Windows doesn't have enough information to verify this certificate"
>>>
>>>Server cert in Trusted Root Cert
>>>
>>>"This certificate has expired or is not yet valid."
>>>
>>
>>And below there is a line Valid from ... to ... - what are the dates?
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
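A pre-issuance check for request configs of the kind posted in this thread, as an added example (not code from the thread or from FreeRADIUS): it parses OpenSSL-style .cnf text and reports a leaf whose subject or commonName equals the CA's, plus a collision-broken default_md. A certificate whose subject equals its issuer's name is self-issued from a chain builder's point of view. The function names and the abbreviated sample configs are constructed for illustration.

```python
import re

def parse_cnf(text):
    """Parse OpenSSL-style config text into {section: {key: value}}."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def audit(ca_text, leaf_text):
    """Findings for a leaf request config checked against the CA config."""
    ca, leaf = parse_cnf(ca_text), parse_cnf(leaf_text)
    # The subject comes from the section named by [req] distinguished_name.
    ca_dn, leaf_dn = (c[c["req"]["distinguished_name"]] for c in (ca, leaf))
    findings = []
    if leaf_dn == ca_dn:
        findings.append("subject identical to CA subject")
    elif leaf_dn.get("commonName") == ca_dn.get("commonName"):
        findings.append("commonName identical to CA commonName")
    digest = leaf.get("CA_default", {}).get("default_md")
    if digest in ("md5", "sha1"):
        findings.append("weak signature digest: " + digest)
    return findings

# Constructed, abbreviated configs modelled on the ones in the thread.
CA = """[ req ]
distinguished_name = certificate_authority
[certificate_authority]
emailAddress = admin@example.com
commonName = MarsNet_CA
"""
LEAF = """[ CA_default ]
default_md = md5
[ req ]
distinguished_name = {name}
[{name}]
emailAddress = {email}
commonName = MarsNet_CA
"""
SERVER = LEAF.format(name="server", email="admin@example.com")
CLIENT = LEAF.format(name="client", email="user@example.com")

print(audit(CA, SERVER), audit(CA, CLIENT))
```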