Hi all. I've been following the instructions on various sites on how to setup freeradius. The problem that I run into is that my system seems to have a different SSL setup that the one assumed. I'm running Centos 4.0 and using openssl-0.9.7a-43.1 SSL is installed in /usr/share/ssl. It is the CA.all script that is giving my problems. I've changed the SSL variable in CA.all to point to /usr/share/ssl. The next problem that I've encountered is that the CA.pl script does not exist on my system. It is supposed to be located under /usr/share/ssl/misc/ but it's not there. But under that same directory is a script called CA (without any extension). This looks like the same CA.pl that is needed so I made a symbolic link called CA.pl to it.
The script can now run but I'm still getting errors. The problem is that the CA script does not create its files in the correct location. Here is the part of the CA script that I'm concerned about: [snip] -newca) # if explicitly asked for or it doesn't exist then setup the directory # structure that Eric likes to manage things NEW="1" if [ "$NEW" -o ! -f ${CATOP}/serial ]; then # create the directory hierarchy mkdir ${CATOP} mkdir ${CATOP}/certs mkdir ${CATOP}/crl mkdir ${CATOP}/newcerts mkdir ${CATOP}/private echo "01" > ${CATOP}/serial touch ${CATOP}/index.txt fi if [ ! -f ${CATOP}/private/$CAKEY ]; then echo "CA certificate filename (or enter to create)" read FILE # ask user for existing CA certificate if [ "$FILE" ]; then cp $FILE ${CATOP}/private/$CAKEY RET=$? else echo "Making CA certificate ..." $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \ -out ${CATOP}/$CACERT $DAYS RET=$? fi fi ;; [snip] Notice that if a file name is provided the script does not create the certificate which is required for the rest of the CA.all script. Do I have a different script to CA.pl? Sorry about the long (and confusing) post. If someone could please tell me if this piece of code looks the same as the code in your CA.pl script. Also any suggestions on what I'm doing wrong will be greatly appreciated. Thanks in advance. Pico. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html