/usr/sbin/radiusd -C failed

arjun sharma arjuniet.28 at gmail.com
Wed Dec 25 18:03:46 CET 2019


Hi ,

It's not like that other tools are used openssl is the most enriched and
hardly miss any available cipher suite.

The issue with your configuration is clear from the confirmation itself
          private_key_file = "/etc/raddb/certs/server.pem"
         certificate_file = "/etc/raddb/certs/server.pem"

You have used server.pem as certificate as well as private key . It seems
to be certificate file so doesn't contain private key this is the reason of
non readability of private key

On Wed, Dec 25, 2019, 8:18 PM Alan DeKok <aland at deployingradius.com> wrote:

> On Dec 25, 2019, at 4:38 AM, Changqing Li <changqing.li at windriver.com>
> wrote:
> > I met below error when run "/usr/sbin/radiusd -C -X",  Could someone
> experts at this help to
> >
> > give me some hint what configuration maybe wrong? Thanks
>
>   The message isn't perfect, but it's clear:
>
> > tls: Failed reading private key file "/etc/raddb/certs/server.pem"
> > tls: error:0607606B:digital envelope
> routines:PKCS5_v2_PBE_keyivgen:unsupported cipher
>
>   The private key in the "server.pem" file is encrypted with an
> unsupported cipher.
>
>   OpenSSL supports many ciphers, but not every possible one.
>
>   Where did you get this key from?  What tools created it?  It's clearly
> not created by the tools that come with FreeRADIUS.
>
>   Use the built-in tools.  They work.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list