Certificate Error!

Kwok Sianbin sianbin_kwok at yahoo.com
Mon Jun 9 17:29:45 CEST 2008 

Hi,



Can anyone here help me to fix the error below:

I run instruction in README such

make ca.pem

make ca.der

make server.pem

make server.csr

make client.pem



and then copy ca.der, client.p12 then I install the certificate into Windows XP.

When click the client certificate and it shows

"Windows doesn't have enough information to verify this certificate"

Server cert in Trusted Root Cert

"This certificate has expired or is not yet valid.



here the ca.cnf

[ ca ]

default_ca              = CA_default



[ CA_default ]

dir                     = ./

certs                   = $dir

crl_dir                 = $dir/crl

database                = $dir/index.txt

new_certs_dir           = $dir

certificate             = $dir/ca.pem

serial                  = $dir/serial

crl                    
= $dir/crl.pem

private_key             = $dir/ca.key

RANDFILE                = $dir/.rand

name_opt                = ca_default

cert_opt                = ca_default

default_days            = 1095

default_crl_days        = 365

default_md              = md5

preserve                = no

policy                  = policy_match



[ policy_match ]

countryName             = match

stateOrProvinceName     = match

organizationName        = match

organizationalUnitName  = optional

commonName              = supplied

emailAddress            = optional



[ policy_anything ]

countryName             = optional

stateOrProvinceName     = optional

localityName            = optional

organizationName        = optional

organizationalUnitName  = optional

commonName              = supplied

emailAddress            = optional



[ req ]

prompt                  = no

distinguished_name      = certificate_authority

default_bits            = 2048

input_password          = 123

output_password         = 123

x509_extensions         = v3_ca



[certificate_authority]

countryName             = FR

stateOrProvinceName     = Radius

localityName            = Somewhere

organizationName        = Example Inc.

emailAddress            = admin at example.com

commonName              = "Certificate Authority"



[v3_ca]

subjectKeyIdentifier    = hash

authorityKeyIdentifier  = keyid:always,issuer:always

basicConstraints        = CA:true



The only thing I'd changed the ca.cnf, client.cnf, server.cnf were default_days and default_crl_days.








      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080609/9b0436a8/attachment.html>

More information about the Freeradius-Users mailing list