WPA Certificate Question

hongjianli.nudt at gmail.com
Wed Feb 3 01:38:29 CET 2010


I think you should install the openssl-devel package for the TLS header and lib, if you cannot run radiusd -X also before replacing the certs, and then build freeradius again.
On Sun, 31 Jan 2010, Alan Buxey wrote:
> Hi,
>
>> to these servers" client field, just enter the 'common name' entered on
>> the certificate? I wonder if a wildcard cert would work for this. As in
>> *.myorg.ca, then entering *.myorg.ca for client servers field. Just asking
>> because I have one of those.
>
> depends on supplicant - some understand wildcards...some just need the
> domain name to be specified
>
>> In the README file there is this warning:
>>
>>   "You will have to ensure that the certificate contains the XP
>>   extensions needed by Microsoft clients."
>>
>> But I can't find any further information about it. How do I ensure my
>> certificate has these extensions? Would a CA signed cert have this?
>
> check the FreeRADIUS certificate makefile - you can see the xpextensions
> file and the required attributes. you can use the openssl tool to view
> the certificate in text mode - whether the CA will sign it - you
> may have to request this functionality
>
I generated a server certificate using the provided documentation in the 
certs/README file. I took the generated server.csr and got it signed by 
Thawte (just a 20 day trial cert for now). They provided my certificate 
and I replaced the contents of server.crt with it. Now when I start up 
FreeRadius in debug, I get:
rlm_eap: SSL error error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
rlm_eap_tls: Error reading private key file /usr/local/freeradius/etc/raddb/certs/server.key
rlm_eap: Failed to initialize type tls
/usr/local/freeradius/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
  }
I did update the private key password in eap.conf, to match the one I used 
in the original signing request. So what did I do wrong?
-Mike


More information about the Freeradius-Users mailing list
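
The two checks this thread turns on, as an added example that is not part of the original messages: whether a certificate was issued for the private key on disk (the condition behind "X509_check_private_key:key values mismatch"), and whether the certificate carries the server-authentication extended key usage (OID 1.3.6.1.5.5.7.3.1) that FreeRADIUS's xpextensions file sets for server certificates. The function names, the KEY_PASS variable and the generated demo files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose "key values mismatch" offline.

# Print the public key derived from a private key. An encrypted key needs its
# passphrase in the KEY_PASS environment variable (name chosen for this example).
key_pubkey() {
    if [ -n "${KEY_PASS:-}" ]; then
        openssl pkey -in "$1" -passin env:KEY_PASS -pubout
    else
        openssl pkey -in "$1" -pubout
    fi
}

# Return 0 if the certificate's public key equals the key's, 1 if not,
# 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(key_pubkey "$2" 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the certificate carries the serverAuth extended key usage
# (OID 1.3.6.1.5.5.7.3.1), which OpenSSL's text output names as below.
has_server_auth_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q "TLS Web Server Authentication"
}

# Constructed sample data: a throwaway self-signed cert with its key, plus an
# unrelated key standing in for a server.key that the cert was not issued for.
make_demo_files() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
        'prompt=no' '[dn]' 'CN=radius.example.org' '[ext]' \
        'extendedKeyUsage=1.3.6.1.5.5.7.3.1' > "$1/demo.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/demo.cnf" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Run the checks on the constructed files.
demo_dir=$(mktemp -d) && make_demo_files "$demo_dir" && {
    cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key" && echo "server.key: match"
    cert_matches_key "$demo_dir/server.crt" "$demo_dir/other.key" || echo "other.key: MISMATCH"
    has_server_auth_eku "$demo_dir/server.crt" && echo "server.crt: serverAuth EKU present"
}
rm -rf "$demo_dir"
```

Against a real installation, pass the server.crt and server.key paths from eap.conf to cert_matches_key; a return of 1 means the signed certificate belongs to a different key than the one on disk.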