Self Signed Certs Fail - pem/der
Steven Sprague
steven at sprague-enterprises.com
Tue Sep 15 03:57:33 CEST 2009
Yes,
Before I tried for the second time to make self signed certs - I did use
the command prompt command in the CA doc to delete everything *.pem.
*.der, etc.
>edit ca.cnf, server.cnf and client.cnf to ensure that
>everything matches and expects the same organisation etc...
>then you can re-run the bootstrap and it'll be fine
I thought you only needed to edit the ca.cnf if you needed to make self signed root certs
for EAP-PEAP clients. I did not see any note that said you needed to make the same edits to the
server.cnf and client.cnf's ??
Any way, If that is required I will give a go. Just so I am sure "what
has to be changed" in the *.cnf's for this to work - please confirm by
looking at what I intend to edit = *
[ req ]
prompt = no
distinguished_name = certificate_authority
default_bits = 2048
* input_password = whatever
* output_password = whatever
x509_extensions = v3_ca
[certificate_authority]
* countryName = FR
* stateOrProvinceName = Radius
* localityName = Somewhere
* organizationName = Example Inc.
* emailAddress = admin at example.com
* commonName = "Example Certificate Authority"
Steven
-----Original Message-----
From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
Subject: Re: Self Signed Certs Fail - pem/der
Hi,
> For some unknown reason my self certs failed to work in either client.
> After trying this twice and have both attempts fail I regenerated the
> original CA’s for “example” using ./bootstrap, the old CA.cnf file - they
> both worked for my clients (Linux/WinXP)
you need to ensure all the old stuff is gone..
cd $place/raddb/certs
make clean
make destroycerts
edit ca.cnf, server.cnf and client.cnf to ensure that
everything matches and expects the same organisation etc
then you can re-run the bootstrap and it'll be fine
(or should be!)
PS this is for a modern version - eg 2.1.6
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Steven Sprague <steven at sprague-enterprises.com>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Freeradius-Users
mailing list