You have the same thing in the server's certificate and the client's certificate. You can use a different "Common Name". (don't use commonName_default in openssl.cnf)
Jean-Paul.
Hello,
I'm trying to set up freeradius to use EAP-TLS, using the CA.all script included with the distribution to generate the necessary server and client certificates. I'm using the CVS snapshot from 11/20/2003, with openssl 0.9.7c. openssl is installed in /usr/local/ssl, and I'm running the script from the /usr/local/ssl/certs directory.
Here's the output I get at the end at the step where the server cert is generated:
Certificate is to be certified until Nov 24 00:42:41 2004 GMT (365 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
No certificate matches private key
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
23242:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
unable to load certificate
23243:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE
+ echo -e '\n\t\t##################\n'
##################
And here is the state of the certs directory:
-rwxr-xr-x 1 root staff 3119 Nov 21 17:52 CA.all
-rw-r--r-- 1 root staff 9304 Nov 24 19:43 CA_output
-rw-r--r-- 1 root staff 689 Nov 24 19:42 cert-clt.der
-rw-r--r-- 1 root staff 1709 Nov 24 19:42 cert-clt.p12
-rw-r--r-- 1 root staff 2389 Nov 24 19:42 cert-clt.pem
-rw-r--r-- 1 root staff 0 Nov 24 19:42 cert-srv.p12
-rw-r--r-- 1 root staff 0 Nov 24 19:42 cert-srv.pem
drwxr-sr-x 6 root staff 4096 Nov 24 19:42 demoCA
-rw-r--r-- 1 root staff 0 Nov 24 19:42 newcert.pem
-rw-r--r-- 1 root staff 1667 Nov 24 19:42 newreq.pem
-rw-r--r-- 1 root staff 906 Nov 24 19:42 root.der
-rw-r--r-- 1 root staff 1925 Nov 24 19:42 root.p12
-rw-r--r-- 1 root staff 2681 Nov 24 19:42 root.pem
-rw-r--r-- 1 root staff 148 Nov 21 18:29 xpextensions
Can someone take a look at this and possibly tell me if I'm doing anything wrong? I scripted the entire output of CA.all, so I can send as an attachment if requested.
Thanks,
-Chris
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
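
The duplicate-subject condition named in the reply can be checked before the signing step by looking in the CA database for a valid entry that already carries the subject about to be signed. The script below is an added example, not part of CA.all or of either message. It assumes the tab-separated index file kept by `openssl ca` (demoCA/index.txt in a default layout); the function names are hypothetical and the sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from CA.all): pre-check a subject DN against an
# OpenSSL CA index file before running the signing step.
# Row layout (tab-separated): status, expiry, revocation date, serial,
# file name, subject DN. Only rows with status V (valid) are compared.

# subject_clash INDEX_FILE SUBJECT_DN
# Prints the serial of each valid row with that subject; exit 0 if any.
subject_clash() {
    SUBJ="$2" awk -F'\t' '
        $1 == "V" && $6 == ENVIRON["SUBJ"] { print $4; hit = 1 }
        END { exit(hit ? 0 : 1) }
    ' "$1"
}

# write_sample_index FILE: constructed rows, not taken from the thread.
write_sample_index() {
    {
        printf 'V\t041124004241Z\t\t01\tunknown\t%s\n' '/C=XX/O=Example/CN=example-user'
        printf 'R\t041124004241Z\t031125000000Z\t02\tunknown\t%s\n' '/C=XX/O=Example/CN=old-server'
    } > "$1"
}

# check_before_sign INDEX_FILE SUBJECT_DN: human-readable verdict.
check_before_sign() {
    if serial=$(subject_clash "$1" "$2"); then
        echo "clash: valid entry with serial $serial already has subject $2"
        return 1
    fi
    echo "ok: no valid entry with subject $2"
}

idx=$(mktemp)
write_sample_index "$idx"
check_before_sign "$idx" '/C=XX/O=Example/CN=example-user' || true
check_before_sign "$idx" '/C=XX/O=Example/CN=example-server'
check_before_sign "$idx" '/C=XX/O=Example/CN=old-server'
rm -f "$idx"
```

Against a real CA directory, pass the path to its index file and the exact subject string of the request; a revoked row with the same subject is not reported as a clash.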