Decoupled accounting
Devinder Singh
devinbhullar at gmail.com
Fri Jul 31 11:49:46 CEST 2009
Hi Ivan
This is how I generated the certs, and radiusd -X gives an error
linux-7v1x:/etc/raddb/certs # ./CA.root myettelap
Generating a 1024 bit RSA private key
..++++++
.................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls
bootstrap CA.client CA.root client.cnf der p12 pem server.cnf
CA.cient ca.cnf CA.server demoCA Makefile pass README
xpextensions
linux-7v1x:/etc/raddb/certs # cd pass
linux-7v1x:/etc/raddb/certs/pass # ls
root.pass
linux-7v1x:/etc/raddb/certs/pass # vi root.pass
linux-7v1x:/etc/raddb/certs/pass #
linux-7v1x:/etc/raddb/certs/pass # cd .
linux-7v1x:/etc/raddb/certs/pass # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap CA.client CA.root client.cnf der p12 pem
server.cnf
CA.cient ca.cnf CA.server demoCA Makefile pass README
xpextensions
linux-7v1x:/etc/raddb/certs # cd pem
linux-7v1x:/etc/raddb/certs/pem # ls
root.pem
linux-7v1x:/etc/raddb/certs/pem # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap CA.client CA.root client.cnf der p12 pem server.cnf
CA.cient ca.cnf CA.server demoCA Makefile pass README
xpextensions
linux-7v1x:/etc/raddb/certs # cd
/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA/
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA #
ls
cacert.pem index.txt index.txt.old serial serial.old
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA #
cp serial /etc/raddb/certs/demoCA/
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA #
cd /etc/raddb/certs/
linux-7v1x:/etc/raddb/certs # ls
bootstrap CA.client CA.root client.cnf der p12 pem
server.cnf
CA.cient ca.cnf CA.server demoCA Makefile pass README
xpextensions
linux-7v1x:/etc/raddb/certs # ./CA.server linux-7v1x devin myettelap
Generating a 1024 bit RSA private key
.............................................++++++
................................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:linux-7v1x
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:Pal
Using configuration from /etc/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 3 (0x3)
Validity
Not Before: Jul 31 09:28:11 2009 GMT
Not After : Jul 31 09:28:11 2010 GMT
Subject:
countryName = AU
stateOrProvinceName = Some-State
organizationName = Internet Widgits Pty Ltd
commonName = linux-7v1x
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Certificate is to be certified until Jul 31 09:28:11 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls
bootstrap CA.client CA.root client.cnf der p12 pem server.cnf
CA.cient ca.cnf CA.server demoCA Makefile pass README
xpextensions
linux-7v1x:/etc/raddb/certs # cd pass
linux-7v1x:/etc/raddb/certs/pass # ls
root.pass
linux-7v1x:/etc/raddb/certs/pass # cd ..
linux-7v1x:/etc/raddb/certs # cd der
linux-7v1x:/etc/raddb/certs/der # ls
linux-7v1x.der root.der
linux-7v1x:/etc/raddb/certs/der # cd .
linux-7v1x:/etc/raddb/certs/der # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap CA.client CA.root client.cnf der p12 pem server.cnf
CA.cient ca.cnf CA.server demoCA Makefile pass README
xpextensions
linux-7v1x:/etc/raddb/certs # ./CA.client palette-giau6pb devin myettelap
Generating a 1024 bit RSA private key
.......++++++
.......................................................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:palette-giau6pb
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:
Using configuration from /etc/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4 (0x4)
Validity
Not Before: Jul 31 09:31:56 2009 GMT
Not After : Jul 31 09:31:56 2010 GMT
Subject:
countryName = AU
stateOrProvinceName = Some-State
organizationName = Internet Widgits Pty Ltd
commonName = palette-giau6pb
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication
Certificate is to be certified until Jul 31 09:31:56 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/wireless-auth/linux-7v1x.pem"
certificate_file = "/etc/wireless-auth/linux-7v1x.pem"
CA_file = "/etc/wireless-auth/root.pem"
private_key_password = "myettelap"
dh_file = "/etc/wireless-auth/DH"
random_file = "/etc/wireless-auth/random"
fragment_size = 1024
include_length = yes
check_crl = no
}
rlm_eap: SSL error error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[280]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
}
Errors initializing modules
2009/7/31 Devinder Singh <devinbhullar at gmail.com>:
> Hi Ivan
>
> Need your help here
> Module: Linked to sub-module rlm_eap_tls
> Module: Instantiating eap-tls
> tls {
> rsa_key_exchange = no
> dh_key_exchange = yes
> rsa_key_length = 512
> dh_key_length = 512
> verify_depth = 0
> pem_file_type = yes
> private_key_file = "/etc/wireless-auth/linux-7v1x.pem"
> certificate_file = "/etc/wireless-auth/linux-7v1x.pem"
> CA_file = "/etc/wireless-auth/root.pem"
> private_key_password = "myettelap"
> dh_file = "/etc/wireless-auth/DH"
> random_file = "/etc/wireless-auth/random"
> fragment_size = 1024
> include_length = yes
> check_crl = no
> }
> rlm_eap: SSL error error:06065064:digital envelope
> routines:EVP_DecryptFinal_ex:bad decrypt
> rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
> rlm_eap: Failed to initialize type tls
> /etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
> /etc/raddb/sites-enabled/default[280]: Failed to find module "eap".
> /etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
> }
> Errors initializing modules
>
--
Devinder
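
The `bad decrypt` line in the output above is what OpenSSL reports when the supplied passphrase does not decrypt the PEM private key. A preflight check for a `private_key_file` / `private_key_password` pair, run before starting `radiusd -X`, is sketched below as an added example; it is not part of the original message or of FreeRADIUS, and the function name, return codes and sample passphrases are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original message): check that a passphrase
# decrypts a PEM private key before pointing eap.conf at it.
# Return codes (assumed convention): 0 ok, 1 passphrase does not decrypt the key,
# 2 key is not encrypted (passphrase would be ignored), 3 file unreadable.
check_key_passphrase() {
    key_file=$1
    [ -r "$key_file" ] || return 3
    # Traditional PEM marks encryption with a Proc-Type header, PKCS#8 with its BEGIN line.
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$key_file" || return 2
    # Hand the passphrase over in the environment, not in argv where `ps` shows it.
    KEY_PASS=$2 openssl pkey -in "$key_file" -passin env:KEY_PASS -noout >/dev/null 2>&1 || return 1
    return 0
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample key and passphrases, generated locally for the demo.
    openssl genrsa -aes128 -passout pass:constructed-pass -out "$tmp/server.pem" 2048 2>/dev/null
    for pass in constructed-pass some-other-pass; do
        rc=0
        check_key_passphrase "$tmp/server.pem" "$pass" || rc=$?
        echo "passphrase '$pass' -> rc=$rc"
    done
    rm -rf "$tmp"
}

demo
```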