I want to set up a Radius server for use in 802.1x, I want PEAP autentication, so I need to configure TLS and certificates, I have openssl and I have generated a CA and signed a certificate with it, I have configured the radiusd.conf and the eap.conf, but I get this error when I start radius in debug mode.
My Radius server version is 1.0.1-1 and I am using Fedora Core 3. I attach the tls section because is the problematic one: rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/var/ssl/newreq.pem" tls: certificate_file = "/var/ssl/newreq.pem" tls: CA_file = "/var/ssl/cacert.pem" tls: private_key_password = "my_passwd" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/dev/urandom" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" 4419:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:632:Expecting: CERTIFICATE 4419:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:632:Expecting: CERTIFICATE 4419:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:534: rlm_eap_tls: Error reading certificate file rlm_eap: Failed to initialize type tls radiusd.conf[9]: eap: Module instantiation failed. It seems a problem in reading the certificates files, the "/var/ssl/newreq.file", I have checked that the radius server has enough privileges to access that file. That file is the server certificate signed by the CA and was generated with openssl, this file actually contains the private key and the public certificate, and is of the form: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,D50C8C4598225F1B 6yDmwg ... PysPdPw== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE REQUEST----- MIIB3zCC .... FhH7 -----END CERTIFICATE REQUEST----- So I think the file is correct. Does any one know about why the radius server is not reading the certificates properly? Thanks a lot ! __________________________________ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html