Thanks a lot for your reply, Mohammed.

I am afraid it still hasn't completely solved the problem though. Now I
am getting a different type of error:

tls: rsa_key_exchange = yes
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = no
 tls: verify_depth = 2
 tls: CA_path = "(null)"
 tls: pem_file_type = no
 tls: private_key_file = "/usr/local/etc/raddb/certs/srv_key.der"
 tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.der"
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
10892:error:140B007C:SSL routines:SSL_CTX_use_PrivateKey_file:bad ssl filetype:/usr/src/crypto/openssl/ssl/ssl_rsa.c:704:
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.

I know there are a few inconsistencies in this configuration but as you
can see now it shows the error: Error reading private key file. Could
you please suggest something for this?

Also, whenever I set the CA_file parameter to a .der file, it fails to
read the .der file and displays an error for it as well.

Thanks,
Bilal


Bilal Ahmed
Software Engineer,
ESD, Mentor Graphics.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Mohammed Petiwala
Sent: Saturday, October 02, 2004 8:13 PM
To: [EMAIL PROTECTED]
Subject: RE: der and pem (urgent!!!)

hi bilal:
you could do this in 2 ways:
1. in the eap.conf file in the tls section 
                tls {
                        rsa_key_exchange = yes
                        dh_key_exchange = no
                        rsa_key_length = 1024
                        dh_key_length = 1024
                        verify_depth = 2
                        pem_file_type = no

as shown above, set the pem file type attrib option to no...


2. or convert the certs and private key files to pem
format using the openssl commandline utility (check
openssl site for detail of the commands)
hope this helps....

regards,
mohammed.


Mohammed H. Petiwala
Senior Staff Engineer
iDEN-WLAN, Motorola Inc.



--- Bilal Ahmed <[EMAIL PROTECTED]> wrote:

> I would appreciate any kind of help. Need to get it
> done by tonight.
> Many thanks
>  
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On Behalf Of Bilal
> Ahmed
> Sent: Saturday, October 02, 2004 11:10 AM
> To: [EMAIL PROTECTED]
> Subject: der and pem (urgent!!!)
>  
> When in the TLS configuration portion in the
> eap.conf file, I change the
> following lines:
>  
> private_key_file = ${raddbdir}/certs/cert-srv.pem
> certificate_file = ${raddbdir}/certs/cert-srv.pem
>  
> to
>  
> private_key_file = ${raddbdir}/certs/cert-srv.der
> certificate_file = ${raddbdir}/certs/cert-srv.der
>  
> Basically telling it to use the .der certificates
> found in the
> raddb/certs folder rather than .pem, I get the
> following error during
> the Freeradius initialization:
>  
> 3197:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/crypto/openssl/crypto/pem/pem_lib.c:632:Expecting: CERTIFICATE
> 3197:error:0906D06C:PEM routines:PEM_read_bio:no start line:/usr/src/crypto/openssl/crypto/pem/pem_lib.c:632:Expecting: CERTIFICATE
> 3197:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:/usr/src/crypto/openssl/ssl/ssl_rsa.c:536:
> rlm_eap_tls: Error reading certificate file
> rlm_eap: Failed to initialize type tls
>  
> My problem is that Client at the other end does not
> recognize the .pem
> format. Therefore, I believe that any certificate my
> client
> receives/sends must be in the der format.
>  
> So, how can I tell the freeradius server to use .der
> certificates and
> not the .pem ones?
>  
> Thanks,
> Bilal
>  
>  
>  
>  
>  
> 



                

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

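
Added example (not part of the original thread, and not FreeRADIUS or OpenSSL code): a standard-library Python check that tells whether a certificate or key file is PEM or DER, converts between the two containers, and lists files whose encoding disagrees with the pem_file_type setting discussed above. It assumes pem_file_type = yes means PEM and no means DER; all function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# Added example: pure standard library, no OpenSSL required.
# A PEM block is base64 text between matching BEGIN/END armor lines.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_length_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) with a valid length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def detect_encoding(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown' for the raw bytes of a cert/key file."""
    if PEM_RE.search(data):
        return "PEM"
    return "DER" if der_length_ok(data) else "unknown"

def pem_to_der(data: bytes) -> bytes:
    """Decode the first PEM block; encrypted blocks with header lines are rejected."""
    m = PEM_RE.search(data)
    if m is None or b":" in m.group(2):
        raise ValueError("no plain PEM block found")
    return base64.b64decode(b"".join(m.group(2).split()))

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Wrap DER bytes in PEM armor, base64 body folded at 64 columns."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label.encode(), body, label.encode())

def mismatches(pem_file_type: bool, files: dict) -> list:
    """Names of files whose encoding disagrees with the pem_file_type setting."""
    want = "PEM" if pem_file_type else "DER"
    return [name for name, data in files.items() if detect_encoding(data) != want]

# Constructed sample: a 5-byte DER SEQUENCE { INTEGER 5 }, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = der_to_pem(SAMPLE_DER)
```

To check real files, pass their contents read in binary mode, for example mismatches(False, {path: open(path, "rb").read()}).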