Certificate types supported on freeradius EAP-TLS

John elmer_radius at yahoo.com.cn
Thu Oct 23 08:42:01 CEST 2008


Hi,
   
  Openssl support .der format. But I convert the .pem format certificates to .der format.  They do not realy work. The pem certificates is OK.
  Does anyone use .der format certificates?  Please help me. Thanks.
   
   
  debug 1:
  pem_file_type = no
 tls: private_key_file = "/usr/local/etc/raddb/certs/server_keycert.der"
 tls: certificate_file = "/usr/local/etc/raddb/certs/server_keycert.der"
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.der"
 tls: private_key_password = "whatever"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "DEFAULT"
 tls: check_cert_issuer = "(null)"
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
rlm_eap_tls: Error reading Trusted root CA list
rlm_eap: Failed to initialize type tls
radiusd.conf[1]: eap: Module instantiation failed.
radiusd.conf[575] Unknown module "eap".
radiusd.conf[555] Failed to parse authenticate section.
  
 
 debug 2:
 tls: pem_file_type = no
 tls: private_key_file = "/usr/local/etc/raddb/certs/server_keycert.der"
 tls: certificate_file = "/usr/local/etc/raddb/certs/server_keycert.der"
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "DEFAULT"
 tls: check_cert_issuer = "(null)"
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[1]: eap: Module instantiation failed.
radiusd.conf[575] Unknown module "eap".
radiusd.conf[555] Failed to parse authenticate section.
   
   
  John.
  

Alan DeKok <aland at deployingradius.com> 写道:
  John wrote:
> I am using freeradius 1.1.6. I want to know which certificate format can
> be supported on EAP-TLS module? Does it support .pfx format?

FreeRADIUS uses OpenSSL for it's certificate functions. See the
OpenSSL documentation for which certificate formats it supports.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


       
---------------------------------
 雅虎邮箱,您的终生邮箱!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081023/ba274441/attachment.html>


More information about the Freeradius-Users mailing list