freeradius and certs

Discussion in 'Server Operation' started by unkn0wn, Jun 23, 2006.

  1. unkn0wn

    unkn0wn New Member

    Hi,
    i want to with script CA.all to create needed certs for my freeradius.
    but i have errors:

    Code:
    
+ openssl ca -policy policy_anything -out newcert.pem -passin pass:itnet -key itnet 

-extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /usr/lib/ssl/openssl.cnf
CA certificate and CA private key do not match
8197:error:0B080074:x509 certificate routines:X509_check_private_key:key values 

mismatch:x509_cmp.c:399:
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts 

-passin pass:itnet -passout pass:itnet
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:itnet -passout pass:itnet
Error opening input file cert-srv.p12
cert-srv.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
4468:error:02001002:system library:fopen:No such file or 

directory:bss_file.c:349:fopen('cert-srv.pem','r')
4468:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
unable to load certificate
+ echo -e '\n\t\t##################\n'

                ##################
    i edit openssl.cnf and enter my entries. Like country code etc...
    in CA.all i edit

    Code:
    
SSL=/usr/bin/openssl
#SSL=/usr/local/ssl

export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH}

export LD_LIBRARY_PATH=${SSL}/lib

rm -rf demoCA roo* cert* *.pem *.der
    is SSL variable for openssl executable or something else?
     
    unkn0wn, Jun 23, 2006
    #1
  2. falko

    falko Super Moderator Howtoforge Staff

    There seems to be something wrong with your cert and your key...
     
    falko, Jun 24, 2006
    #2
  3. unkn0wn

    unkn0wn New Member

    do u know easiest way to create certs for radius?
     
    unkn0wn, Jun 25, 2006
    #3
  4. unkn0wn

    unkn0wn New Member

    ok i menage certs :)

    ls
    00.pem certs crl index.txt.old serial server_key.pem
    cacert.pem client_key.pem index.txt newcerts serial.old server_req.pem
    careq.pem client_req.pem index.txt.attr private server_keycert.pem

    i have this certs now.
    is there more certs that i need?
     
    Last edited: Jun 25, 2006
    unkn0wn, Jun 25, 2006
    #4

Share This Page