strange behavior when EAP is enabled?

Alan DeKok aland at deployingradius.com
Sun Dec 22 18:08:02 CET 2019


On Dec 20, 2019, at 6:27 PM, Coy Hile <coy.hile at coyhile.com> wrote:
> And, for posterity’s sake, I found the solution here.  The server.pem file created by the bootstrap script looks thus:
> 
> ```
> Bag Attributes
> localKeyID: ...
> issuer=...
> -----BEGIN CERTIFICATE-----
> ...
> -----END CERTIFICATE-----
> Bag Attributes
> more garbage...
> -----BEGIN ENCRYPTED PRIVATE KEY-----
> ...
> -----END ENCRYPTED PRIVATE KEY-----
> ```

  Hmm... that's terrible.  I think OpenSSL changed that a while back.  It's a fairly stupid thing to do, IMHO.  If I want the PEM file, I don't care about extra garbage being printed.

> Once I moved the private key to the top of the file (and removed the Bag attributes information (which I haven’t seen before)), ending up with the server.pem looking thus:
> 
> ```
> -----BEGIN ENCRYPTED PRIVATE KEY-----
> ...
> -----END ENCRYPTED PRIVATE KEY-----
> -----BEGIN CERTIFICATE-----
> ...
> -----END CERTIFICATE-----
> ```
> 
> the world is good to go.

  That's good to hear.  It's not clear why OpenSSL reads the file in one mode but not the other.

  Alan DeKok.
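
The manual fix described in this message (drop the "Bag Attributes" text, put the private key block ahead of the certificate), as an added example that is not part of the original thread or of FreeRADIUS. The function name normalize_pem and the SAMPLE input are assumptions constructed for illustration; the sample contains placeholder base64, not real key material.

```python
import re

# One complete PEM block; the backreference forces END to carry BEGIN's label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----",
    re.DOTALL,
)

def normalize_pem(text):
    """Return the PEM blocks of `text` with private key block(s) first.

    Anything outside BEGIN/END markers (such as "Bag Attributes" lines)
    is dropped. Raises ValueError if a block looks damaged or no key exists.
    """
    blocks = [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text)]
    # Heuristic: every line mentioning "BEGIN " should open a well-formed block.
    # A mismatch means truncated or mangled markers (e.g. dashes turned into
    # long dashes by a mail client), so refuse rather than silently drop a block.
    declared = sum(1 for line in text.splitlines() if "BEGIN " in line)
    if declared != len(blocks):
        raise ValueError("damaged or truncated PEM block")
    keys = [b for label, b in blocks if label.endswith("PRIVATE KEY")]
    others = [b for label, b in blocks if not label.endswith("PRIVATE KEY")]
    if not keys:
        raise ValueError("no private key block found")
    return "\n".join(keys + others).replace("\r\n", "\n") + "\n"

# Constructed sample in the layout quoted above (placeholder contents).
SAMPLE = (
    "Bag Attributes\n"
    "    localKeyID: 01 02\n"
    "issuer=CN = Example CA\n"
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END CERTIFICATE-----\n"
    "Bag Attributes\n"
    "    localKeyID: 01 02\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    print(normalize_pem(SAMPLE), end="")
```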



