Problem with EAP-TLS and certificate

Alan DeKok aland at deployingradius.com
Mon Jun 18 07:58:57 CEST 2012


Stephane Brodeur wrote:
> I am a newbie to Freeradius and I am having a really hard time
> implementing EAP-TLS using a self-signed certificate.

  Why?  The server comes with scripts that create self-signed certs.
See raddb/certs.  If you search google for "freeradius eap-tls howto",
the first link is this:  http://freeradius.org/doc/EAPTLS.pdf

> [root at localhost CA]# eapol_test -c /opt/EAP-RADIUS/eap-tls.conf -s
> testing123, I have the following results:

  Ask the wpa_supplicant people how their software works.  This is the
*freeradius* list.

> My problem is the following error message when running eapol_test
> 
> TLS: Trusted root certificate(s) loaded
> OpenSSL: SSL_use_certificate_file (DER) --> OK
> OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER)
> failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> OpenSSL: pending error: error:0D08303A:asn1 encoding
> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
> OpenSSL: pending error: error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag

  Well... the certificate is wrong.

  If you had used the generation scripts in raddb/certs, you wouldn't
have this problem.

  See also http://deployingradius.com/, which contains *detailed*
instructions for getting EAP to work.

  Alan DeKok.
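
Added example, not part of the original post and not FreeRADIUS or wpa_supplicant code: the log above shows the DER (ASN.1) parse of the private key file failing with "wrong tag", so this sketch reports which encoding (PEM or DER) and which ASN.1 structure a key file actually contains. The function names and the structure table are this example's own assumptions; it inspects only the first tags and does not validate the key.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER header at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    start = pos + 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or start + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated")
    return tag, start, start + length

def classify_der(der):
    """Guess the structure from the first two elements inside the outer SEQUENCE."""
    try:
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:
            return "not DER (outer tag 0x%02x, expected SEQUENCE 0x30)" % tag
        t1, _, e1 = read_tlv(der, start)
        t2, _, _ = read_tlv(der, e1)
    except (IndexError, ValueError):
        return "not DER (malformed or truncated)"
    shapes = {                            # (first tag, second tag) -> likely content
        (0x02, 0x02): "PKCS#1 RSA private key",
        (0x02, 0x30): "PKCS#8 private key (unencrypted)",
        (0x02, 0x04): "SEC1 EC private key",
        (0x30, 0x04): "PKCS#8 private key (encrypted)",
        (0x30, 0x30): "certificate or CSR, not a private key",
    }
    return shapes.get((t1, t2), "unrecognised DER structure")

def describe_key_file(data):
    """Describe the bytes of a key file: PEM label if armoured, then DER shape."""
    m = PEM_RE.search(data)
    if not m:
        return "DER: " + classify_der(data)
    label, body = m.group(1).decode(), m.group(2)
    if b"ENCRYPTED" in body:              # legacy "Proc-Type: 4,ENCRYPTED" header
        return "PEM %s: passphrase-protected (legacy header)" % label
    return "PEM %s: %s" % (label, classify_der(base64.b64decode(body)))
```

Call describe_key_file(open(path, "rb").read()) on the file named as the private key in the supplicant configuration; a PEM file handed to a DER parser starts with the byte 0x2d ("-") rather than the SEQUENCE tag 0x30.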

