/usr/sbin/radiusd -C failed
changqing.li at windriver.com
Fri Dec 27 07:23:36 CET 2019
Thanks to Alan and arjun's kind help. Now I found the reason,
I am doing cross-compile, my openssl on target disable des, so missing
while the server.pem is generated on host with pkcs12.
On 12/26/19 1:03 AM, arjun sharma wrote:
> Hi ,
> It's not like that other tools are used openssl is the most enriched and
> hardly miss any available cipher suite.
> The issue with your configuration is clear from the confirmation itself
> private_key_file = "/etc/raddb/certs/server.pem"
> certificate_file = "/etc/raddb/certs/server.pem"
> You have used server.pem as certificate as well as private key . It seems
> to be certificate file so doesn't contain private key this is the reason of
> non readability of private key
> On Wed, Dec 25, 2019, 8:18 PM Alan DeKok <aland at deployingradius.com> wrote:
>> On Dec 25, 2019, at 4:38 AM, Changqing Li <changqing.li at windriver.com>
>>> I met below error when run "/usr/sbin/radiusd -C -X", Could someone
>> experts at this help to
>>> give me some hint what configuration maybe wrong? Thanks
>> The message isn't perfect, but it's clear:
>>> tls: Failed reading private key file "/etc/raddb/certs/server.pem"
>>> tls: error:0607606B:digital envelope
>> routines:PKCS5_v2_PBE_keyivgen:unsupported cipher
>> The private key in the "server.pem" file is encrypted with an
>> unsupported cipher.
>> OpenSSL supports many ciphers, but not every possible one.
>> Where did you get this key from? What tools created it? It's clearly
>> not created by the tools that come with FreeRADIUS.
>> Use the built-in tools. They work.
>> Alan DeKok.
>> List info/subscribe/unsubscribe? See
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users