Problem with EAP-TLS, please give me a hint
tnt at kalik.net
Fri Dec 4 23:48:59 CET 2009
> Well, after I read your post I tried to sign the client certificates with the
> CA. I made some changes in the makefile but I think I made something wrong
> because it doesn't work:
>
> old:
>
> client.csr client.key: client.cnf
> 	openssl req -new -out client.csr -keyout client.key -config ./client.cnf
>
> client.crt: client.csr server.crt server.key index.txt serial
> 	openssl ca -batch -keyfile server.key -cert server.crt -in client.csr -key $(PASSWORD_SERVER) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
>
> client.p12: client.crt
> 	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
>
> client.pem: client.p12
> 	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
> 	cp client.pem $(USER_NAME).pem
>
> .PHONY: server.vrfy
> client.vrfy: server.pem client.pem
> 	c_rehash .
> 	openssl verify -CApath . client.pem
>
>
>
> new:
>
> client.csr client.key: client.cnf
> 	openssl req -new -out client.csr -keyout client.key -config ./client.cnf
>
> client.crt: client.csr ca.key ca.pem index.txt serial
> 	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_SERVER) -out client.crt -extensions xpclient_ext -extfile
At a glance, that should be ca password.
Ivan Kalik
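
The hint above as an added, self-contained example (not from the thread or the FreeRADIUS Makefile): the passphrase given to `openssl ca -key` must be the one protecting the key named by `-keyfile`. The file `demo.cnf`, both passphrases and the subject names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name and passphrase below is made up.
sign_client_demo() {
    d=$(mktemp -d) || return 2
    (
        cd "$d" || exit 2
        PASSWORD_CA=ca-secret           # protects ca.key
        PASSWORD_SERVER=server-secret   # protects server.key only
        cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
database = ./index.txt
serial = ./serial
new_certs_dir = .
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
        : > index.txt; echo 01 > serial
        openssl req -x509 -newkey rsa:2048 -config demo.cnf -extensions v3_ca \
            -subj "/CN=Demo CA" -days 30 -keyout ca.key -out ca.pem \
            -passout "pass:$PASSWORD_CA" 2>/dev/null || exit 2
        openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
            -subj "/CN=demo-user" -keyout client.key -out client.csr 2>/dev/null || exit 2
        sign() {  # $1 = passphrase handed to "openssl ca -key"
            openssl ca -batch -config demo.cnf -keyfile ca.key -cert ca.pem \
                -in client.csr -key "$1" -out client.crt </dev/null 2>/dev/null
        }
        # ca.key cannot be decrypted with the server passphrase: must fail.
        if sign "$PASSWORD_SERVER"; then exit 3; fi
        # With the passphrase that matches -keyfile, signing succeeds.
        sign "$PASSWORD_CA" || exit 4
        # The issued certificate now chains to the CA certificate.
        openssl verify -CAfile ca.pem client.crt >/dev/null 2>&1 || exit 5
    )
    rc=$?
    rm -rf "$d"
    return $rc
}
sign_client_demo && echo "client.crt issued and verified against ca.pem"
```

The OpenSSL documentation notes that a passphrase passed with `-key` is visible in the process list and recommends `-passin` instead.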