DER format in TLS certificates
Iñigo Vicente
ivicente at bexencardio.com
Wed Mar 2 15:26:39 UTC 2022
I have created a client.der from the client.pem, I pass it through cmd to
windows and I add it to a wifi module to connect but it gives me an error.
The client.pem contains two certificates, the CA and the client.pem, how
can I configure it to contain only the client?
I think there is this error, freeradius uses the size with the two
certificates together and I want to use them separately.
Thanks,
Iñigo.
El mar, 1 mar 2022 a las 16:09, Alan DeKok (<aland at deployingradius.com>)
escribió:
> On Mar 1, 2022, at 9:32 AM, Iñigo Vicente <ivicente at bexencardio.com>
> wrote:
> > Can I use Der format for certificates?
>
> OpenSSL uses PEM. It's trivial to convert them from one format to
> another. So there's no reason to try to "force" it to use one format.
>
> > When I try to use DER certificates I get this error on freeradius:
> >
> > (8) eap_tls: ERROR: (TLS) Alert write:fatal:decode error
> > (8) eap_tls: ERROR: (TLS) Server : Error in error
> > (8) eap_tls: ERROR: (TLS) Failed reading from OpenSSL: error:1417C087:SSL
> > routines:tls_process_client_certificate:cert length mismatch
>
> That really has nothing to do with the certificate format.
>
> Once the certificate is loaded by OpenSSL, it's sent across the wire in
> a different format.
>
> Plus, this complaint is about the *client* certificate. Not the
> certificate on the server.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list