Florian,

In my openssl-0.9.7d archive I have no CA.all script!
I took my three scripts from
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm! And you have also
sent me this link.
All the hints that you have given me, I've already implemented.

But it still won't work!
Perhaps someone else has some hints for me.

Thanks in advance.

Regards
Daniel


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Florian-Daniel Otel
Sent: Wednesday, May 19, 2004 16:30
To: [EMAIL PROTECTED]
Subject: Re: AW: EAP/TLS


Daniel,

Please look in the CA.all script that comes with a recent snapshot of
freeradius. It is the recommended way to generate the certificates. 

When using that "CA.all" script please note carefully the following:
     - The "Common Name" attributes you give as input must be
       different! Otherwise the certificates are not generated properly
       and/or a VERY cryptic openssl error is printed, with the resulting
       certificates not working properly.
       When using the "CA.all" script you are prompted for three CNs,
       which are (in order) 1) The CN for your CA (Certification Authority),
       2) The client certificate and 3) The server certificate. Again, they
       all must be different.
     - The "user" that you put in the "raddb/users" file must match
       the CN for the client. Please include the full name within quotes.
     - On the client you must install the "root.der" certificate and
       ACK that this is a trusted CA. Also, you must add the
       "cert-clt.p12" certificate. Please also note that the client
       certificate must be in PKCS#12 format.


For a detailed howto please see
http://www.dslreports.com/forum/remark,9286052~mode=flat

For how to install the root and the client certificates and how to
acknowledge that the CA is trusted please see "Section 10" of the
HOWTO at http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm

HTH,

Florian




Daniel Walther writes:
> Hello Florian,
> Hello List,
> 
> Thanks for your fast answer. I think that there is a bug in the
> certificates too. But I can't see any error.
> I use the attached scripts for the certificate generation.
> Is there any error?
> 
> Thanks in advance for your help
> 
> Regards
> Daniel
> 

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
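
An added example, not part of the original thread or of FreeRADIUS: a preflight check for the two rules in Florian's message above (the CA, client and server CNs must all differ; the "raddb/users" entry must equal the client CN, in quotes). It assumes the subject lines come from `openssl x509 -noout -subject`; the function names and all sample values are constructed for illustration.

```python
import re
import shlex

def cn_of(subject):
    """CN from `openssl x509 -noout -subject` output, old (/CN=x) or new (CN = x) style."""
    m = re.search(r"(?<![A-Za-z])CN\s*=\s*([^/,\n]+)", subject)
    if not m:
        raise ValueError(f"no CN in subject: {subject!r}")
    return m.group(1).strip()

def users_names(users_text):
    """User names in a raddb/users file: first token of each line starting in column 0."""
    names = set()
    for line in users_text.splitlines():
        if not line.strip() or line[0] in " \t#":
            continue  # blank line, indented reply item, or comment
        names.add(shlex.split(line)[0])  # honours the quotes around a full name
    return names

def preflight(ca_subj, client_subj, server_subj, users_text):
    """Return a list of problems; an empty list means both rules hold."""
    cns = {"CA": cn_of(ca_subj), "client": cn_of(client_subj), "server": cn_of(server_subj)}
    problems, seen = [], {}
    for role, cn in cns.items():
        if cn in seen:
            problems.append(f"{seen[cn]} and {role} certificates share CN {cn!r}")
        seen.setdefault(cn, role)
    if cns["client"] not in users_names(users_text):
        problems.append(f"no raddb/users entry equal to client CN {cns['client']!r}")
    return problems

# Constructed sample data (not taken from the thread).
CA_SUBJ = "subject= /C=DE/O=Example/CN=Example Root CA"
CLT_SUBJ = "subject= /C=DE/O=Example/CN=Daniel Example/emailAddress=d@example.org"
SRV_SUBJ = "subject=C = DE, O = Example, CN = radius.example.org"
USERS_OK = '"Daniel Example"  Auth-Type := EAP\n'
USERS_UNQUOTED = "Daniel Example  Auth-Type := EAP\n"

if __name__ == "__main__":
    for label, users in (("quoted", USERS_OK), ("unquoted", USERS_UNQUOTED)):
        print(label, preflight(CA_SUBJ, CLT_SUBJ, SRV_SUBJ, users))
    print("same CN", preflight(CA_SUBJ, CLT_SUBJ, CLT_SUBJ, USERS_OK))
```

The unquoted users entry fails because the user name is then read as only the first word of the full name, which no longer equals the client CN.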

