DER format in TLS certificates

Alan DeKok aland at deployingradius.com
Tue Mar 1 15:09:16 UTC 2022


On Mar 1, 2022, at 9:32 AM, Iñigo Vicente <ivicente at bexencardio.com> wrote:
> Can I use DER format for certificates?

  OpenSSL uses PEM.  It's trivial to convert them from one format to another.  So there's no reason to try to "force" it to use one format.

> When I try to use DER certificates I get this error on FreeRADIUS:
> 
> (8) eap_tls: ERROR: (TLS) Alert write:fatal:decode error
> (8) eap_tls: ERROR: (TLS) Server : Error in error
> (8) eap_tls: ERROR: (TLS) Failed reading from OpenSSL: error:1417C087:SSL
> routines:tls_process_client_certificate:cert length mismatch

  That really has nothing to do with the certificate format.

  Once the certificate is loaded by OpenSSL, it's sent across the wire in a different format.

  Plus, this complaint is about the *client* certificate.  Not the certificate on the server.

  Alan DeKok.
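
The conversion mentioned in the reply above, as an added example that is not part of the original post or of FreeRADIUS: a PEM certificate is the base64 of the DER bytes between BEGIN/END lines, so normalising either form to PEM takes a few lines. The function names and the sample bytes are constructed for illustration; the sample is filler, not a real X.509 certificate.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def der_total_length(data: bytes) -> int:
    """Return the full encoded size (header + body) of the outer DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def to_der(data: bytes) -> bytes:
    """Accept PEM or DER bytes; return DER after checking the outer length."""
    m = PEM_RE.search(data)
    der = base64.b64decode(m.group(1)) if m else data
    # A truncated or padded file is caught here, before it reaches the server.
    if der_total_length(der) != len(der):
        raise ValueError("DER length field does not match data size")
    return der


def to_pem(data: bytes) -> bytes:
    """Accept PEM or DER bytes; return PEM with 64-character base64 lines."""
    body = base64.b64encode(to_der(data)).decode("ascii")
    lines = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return ("-----BEGIN CERTIFICATE-----\n" + lines +
            "\n-----END CERTIFICATE-----\n").encode("ascii")


# Constructed sample: a well-formed outer SEQUENCE header plus 256 filler bytes.
# It only exercises the framing and is not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    pem = to_pem(SAMPLE_DER)
    print(pem.decode("ascii"))
    print("round trip ok:", to_der(pem) == SAMPLE_DER)
```

With OpenSSL installed, `openssl x509 -inform DER -in cert.der -outform PEM -out cert.pem` performs the same conversion (the file names are placeholders).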


