#1  
Old 23rd June 2006, 08:56
unkn0wn unkn0wn is offline
Senior Member
 
Join Date: Mar 2006
Posts: 110
Thanks: 0
Thanked 0 Times in 0 Posts
Default freeradius and certs

Hi,
i want to with script CA.all to create needed certs for my freeradius.
but i have errors:

Code:
+ openssl ca -policy policy_anything -out newcert.pem -passin pass:itnet -key itnet 

-extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /usr/lib/ssl/openssl.cnf
CA certificate and CA private key do not match
8197:error:0B080074:x509 certificate routines:X509_check_private_key:key values 

mismatch:x509_cmp.c:399:
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts 

-passin pass:itnet -passout pass:itnet
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:itnet -passout pass:itnet
Error opening input file cert-srv.p12
cert-srv.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
4468:error:02001002:system library:fopen:No such file or 

directory:bss_file.c:349:fopen('cert-srv.pem','r')
4468:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
unable to load certificate
+ echo -e '\n\t\t##################\n'

                ##################
i edit openssl.cnf and enter my entries. Like country code etc...
in CA.all i edit

Code:
SSL=/usr/bin/openssl
#SSL=/usr/local/ssl

export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH}

export LD_LIBRARY_PATH=${SSL}/lib

rm -rf demoCA roo* cert* *.pem *.der
is SSL variable for openssl executable or something else?
Reply With Quote
Sponsored Links
  #2  
Old 24th June 2006, 13:58
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Quote:
CA certificate and CA private key do not match
There seems to be something wrong with your cert and your key...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 25th June 2006, 10:22
unkn0wn unkn0wn is offline
Senior Member
 
Join Date: Mar 2006
Posts: 110
Thanks: 0
Thanked 0 Times in 0 Posts
Default

do u know easiest way to create certs for radius?
Reply With Quote
  #4  
Old 25th June 2006, 13:14
unkn0wn unkn0wn is offline
Senior Member
 
Join Date: Mar 2006
Posts: 110
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

ok i menage certs

ls
00.pem certs crl index.txt.old serial server_key.pem
cacert.pem client_key.pem index.txt newcerts serial.old server_req.pem
careq.pem client_req.pem index.txt.attr private server_keycert.pem

i have this certs now.
is there more certs that i need?

Last edited by unkn0wn; 25th June 2006 at 13:33.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 00:48.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.