Hi, i am a newbie at freeradius.
I have a working installtion of freeradius. After i have created certs using the CA.all script i can start radius. My Microsoft Wlan client can authenticate on the radius. All works fine. But now i will use Certs from my OpenCa installation to authenticate wlan clients. My OpenCA installtion works fine to. But when i use this certificates i cant start radius. radius_start -A -X shows folloing output ************************************ Module: Loaded eap eap: default_eap_type = \"md5\" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = \"Password: \" gtc: auth_type = \"PAP\" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = \"(null)\" tls: pem_file_type = yes tls: private_key_file = \"/usr/local/etc/raddb/sh/cert-srv.pem\" tls: certificate_file = \"/usr/local/etc/raddb/sh/cert-srv.pem\" tls: CA_file = \"/usr/local/etc/raddb/sh/root.pem\" tls: private_key_password = \"testtesttest\" tls: dh_file = \"/usr/local/etc/raddb/certs/dh\" tls: random_file = \"/usr/local/etc/raddb/certs/random\" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = \"(null)\" 10941:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: CERTIFICATE 10941:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm:evp_pbe.c:89:TYPE=pbeWithMD5AndDES-CBC 10941:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83: 10941:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:122: 10941:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:122: 10941:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709: rlm_eap_tls: Error reading private key file rlm_eap: Failed to initialize type tls radiusd.conf[9]: eap: Module instantiation failed. ******************************************* Here you can see the working cert ******************************************** Bag Attributes localKeyID: 0C BA ED 0A 7B E9 67 CD E7 0A 08 39 DB 9D 99 34 0A C6 2B A4 subject=/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=Root certificate/[EMAIL PROTECTED] issuer=/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=Client certificate/[EMAIL PROTECTED] -----BEGIN CERTIFICATE----- MIICyTCCAjKgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCQ0Ex ETAPBgNVBAgTCFByb3ZpbmNlMRIwEAYDVQQHEwlTb21lIENpdHkxFTATBgNVBAoT DE9yZ2FuaXphdGlvbjESMBAGA1UECxMJbG9jYWxob3N0MRswGQYDVQQDExJDbGll bnQgY2VydGlmaWNhdGUxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFtcGxlLmNv bTAeFw0wNDAxMjUxMzI2MTBaFw0wNTAxMjQxMzI2MTBaMIGbMQswCQYDVQQGEwJD QTERMA8GA1UECBMIUHJvdmluY2UxEjAQBgNVBAcTCVNvbWUgQ2l0eTEVMBMGA1UE ChMMT3JnYW5pemF0aW9uMRIwEAYDVQQLEwlsb2NhbGhvc3QxGTAXBgNVBAMTEFJv b3QgY2VydGlmaWNhdGUxHzAdBgkqhkiG9w0BCQEWEHJvb3RAZXhhbXBsZS5jb20w gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANrFJUIr/tsIJimiy6RLNEnJDQq0 YvtyyENKeCCYhj1+t9fnACjCt61VWlHMdWz0+h1wkWFatFDVKJVTrmYWr/AUpVCF 1rj7Su6YY45CYXXN02xmXGPNoXfTSSDrMFhe3IdzmZwpgPga1GOLu+ocgtBUAj23 7ySj7Bw/YkGpA9fzAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG SIb3DQEBBAUAA4GBAHotkhsc8TvymCqReOye3m2I7cF4oui9QKCgb7bwdplXiEzX CEU3CDSW/RhBZSk/WDyOgkDraOBCyUsVdS5MB+gNCXea+j3VXCT6VKwpLXcgXRwk d+0w1Z9Xyvm9If8qjRbMCRHFDk8pV2P8tg76PD0tDkOFD25vvihJAvboNQNl -----END CERTIFICATE----- Bag Attributes localKeyID: 0C BA ED 0A 7B E9 67 CD E7 0A 08 39 DB 9D 99 34 0A C6 2B A4 Key Attributes: <No Attributes> -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,45A3F7FFC07A6C8D h2Hg0jIRPlwoC0CyYxdPB/+paKyJsW5RGYH4ZG0cooZUdzcc36E68MxN6rXxw8Qr M14ZKr3VBgbpQD3k6SdvIYxeBK1O7V4A1NCaPl9qS4tQpHuCkwjelb+PouOC4C+5 dspfsKri9jMrX1pmzf1vWq7DSRgSisBzcdXkp2AkkLmpAtwhD+JD4gPNVoHUP0r3 TeM6/A8twoyi73off1pUKVTE1rFzuAl0mG5+VnLy6uHUemkpVr3nZMuVQoSp7zer gaZvYJ5/yfjJdFMiyW0d9ZotHJ9/yfQzUwS/1M/ufrjr2cfQTn5VeOOvW+6hKqmV sO0sXLPINnLleTr3bvJX6WrIMtl6I8RqzFmbn/uY1wEpVKugymdauqwmNvNCBQ+u W0kNlQZffmE5YcH9QKKynrTB8QXa/RUhFKmqcK9ZdzI9t8cVrIGl1bogFZ72SDd8 /Cw8fUWh+UMoRwrrOI/g/ZYKeq6UbUVTzEs7RNuPJ1LqiT+RG6HNzUfIsvo+8tTL nw8bpKa2uG2pGyzGNT9R3iT29xqwrZNond4mWh+xlzSqhmznaentexQGPqJJ4tAx dd+jt0zCDMPH7UjWcAcobEaZQzZ4JMGURctQUnbFt1YynFUtiD8Rxvw30Yi1xrw7 qNnFdCskuqOPxzqvM/wJG2A04+qvYegA2aO/4CGLTiDE2EPQ4OgRYCf0frSLTDQa eUMfqVPBhiB8h82YI1Q41GwEP7Fuo+E5LLCTNEYREgb/kxfRwxECrtIzp2q27Qwr Mglxw0layFcCNePypRz4Nuwhl1o1kXICp6dtHb2TTeuEorKdOG6PeA== -----END RSA PRIVATE KEY----- ******************************+ And here the OpenCA cert not working ******************************* -----BEGIN CERTIFICATE----- MIIFhzCCA2+gAwIBAgIBFDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJERTEP MA0GA1UEChMGQmludGVjMQ0wCwYDVQQDEwRyb290MR0wGwYJKoZIhvcNAQkBFg5y b290QGxvY2FsaG9zdDAeFw0wNTA1MTcwNzI3NDRaFw0wNzAyMjYwNzI3NDRaMEMx CzAJBgNVBAYTAkRFMQ8wDQYDVQQKEwZCaW50ZWMxETAPBgNVBAsTCEludGVybmV0 MRAwDgYDVQQDEwd3bGFuc3J2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3 GSZpO/tjklslwv1PibcZLGtm9iHmunD9Q6eseEV/1w9bENXd9ocRx984kM6J4V/1 Pg3BJWVlKJjM6VzYdAund7mt7oSlzkFtrUJsZm90oAMTQL6XtGuuLulRxKUNzWyN afIT+1WmXE2d9PIPsd9bhpbnbpdY+nP/HoJM9d5qHwIDAQABo4IB/zCCAfswCQYD VR0TBAIwADA4BgNVHSAEMTAvMC0GBCoDAwQwJTAjBggrBgEFBQcCARYXaHR0cDov L3NvbWUudXJsLm9yZy9jcHMwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF 4DAjBglghkgBhvhCAQ0EFhYUVlBOIFNlcnZlciBvZiBCaW50ZWMwHQYDVR0OBBYE FE3RXLKs3MJcc3y+aAt0oAmfRMXtMHwGA1UdIwR1MHOAFMYOl7Qk6KtOa+KHgXT3 da1FBwq0oVCkTjBMMQswCQYDVQQGEwJERTEPMA0GA1UEChMGQmludGVjMQ0wCwYD VQQDEwRyb290MR0wGwYJKoZIhvcNAQkBFg5yb290QGxvY2FsaG9zdIIJAJJdwdUP dx5YMBwGA1UdEQQVMBOBEXdsYW5zcnZAbG9jYWxob3N0MBkGA1UdEgQSMBCBDnJv b3RAbG9jYWxob3N0MDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vbG9jYWxob3N0L3B1 Yi9jcmwvY2FjcmwuY3JsMDEGCWCGSAGG+EIBAwQkFiJodHRwOi8vbG9jYWxob3N0 L3B1Yi9jcmwvY2FjcmwuY3JsMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9sb2Nh bGhvc3QvcHViL2NybC9jYWNybC5jcmwwDQYJKoZIhvcNAQEFBQADggIBAA6QBZu/ A8nBp5NFuoLdcj2oHIV3DhxLOQywrFif6DQtRTECJg1gn81TKl7N7Ao9YexQTEPf HobAMZ6ItMLBbGQOifTucKWN7K8EQP2fjdJ2s0S1wgRuX3Q/Ncm3OlepnJ0E++UE i4wcX25VAPuAONrouhiIMd0evPYyr6Akw2vO5bUEv7UaEx9Wcjq5QSVGWrthdt6Y cH0Mtlld2wTegYpkyjblHTW39bAunZ5AkvArb2kaR+3CUPa6bL9hGwDooS26+dHG V3aK5tGwHSt2Z8VdU9QkYrGFODVtcO+htXgb8vaVp++2ISf6hB8KF17HEuHn0ZLZ sA5QxGIpAHEGAWz2IHunM/B/seAFMnINFiMO01dS6ZEZIv2Bm8Hk7H8jWL5Oyxt9 MSP/gZV87ScXnk8jzz2WXT+ij/Sk/wT3Gi0h2PgHlf75UnxhjmVjqwvMTyeX7Mak dSgpyqzAUWHNPZ54M0aWOwX5vaSOmKQUNLFOAXDl1UYd+1xxu6EdZOYaNX6slI2y DXo4SwUGB09SuZoTGPKGGYIi/ZLVFgm24ISrrkMmYtOZMGpVNhZDPoNhJcNgtjR9 utGIOlUuS4mfrbOdPysbJsjPVkq9yPNG/7lYh9B7KKjFuUK//8LPRgNIwEMdTogb xv+GB+tKeOjwoMBN3dVhQFF59ed9laaFfsVJ ----END CERTIFICATE----- -----BEGIN ENCRYPTED PRIVATE KEY----- MIICoTAbBgkqhkiG9w0BBQMwDgQIt0V4xGmMRNECAggABIICgBvprRFUKE+XavI8 0jaUi2WaY16WTW45/9AHjUaOtM8q71OlSZPnZRxo9p9xXTTRoWxYyUp8tEjffDTX hgj4aZE+CaGlr5p+pArBHnwJvBFrXf8MQ41Zxe6c45ndT1j0Yc1amqhq1vg4THmB J9+Vil4lio61xXcbsmzrgZ4YgpqdjcOfbcKPBSt9BF+ur47FfgCEIV9mg2NzRE8T AhUg1IdeTxX9AaDybW5f0a9KyK0rtBGaaSIyp9weCCfG+YI+yw87bJrcSThCfEmb 3ug27pNU9uXirK2LXvxnnYx3E8Tl67vCh2Rg3lE0/vpESGvUbEqH6HzeGrgy5ujV 2yvFt9W/MovG+Gnzf0u9AzzC4KEGJEnsAbK0IioUF80iZOdf/327N8qkxN4z8R0J AAIxGk+/NXYZ2cMRV/fNmhJU1wdjsAHJWXl//XRG0IZuKHsk+dtrHdLAoHJyu3L2 PGn9jX9Ds0olppv8+itxbFh+r1TEGPgzYTODsAW8JOF2l66gbCW8qYNgjRtq2Ou0 qX9+SzpPYskLquSJC3je0PvbhuBtS7G2p3r7DEilFbMlm9wTtJ73V8q3rk2L5zqI C3R21tzq2Z9+g8aGAGZZnlnapkBobKooVgwEpp3iWi8f8Nlyr/Q0m7O1S6QbcX2j bpZp6fvejG6Mu0CNnx26muSOFbdJPeTKc6BDN/FipR8Gri+C+Vx7BSFYgtUm2zmQ i11RgBjwZZju4d0NV2hGObjI8CYqVXoP11UjUGh6gwfJJz3hcXv6I9vP46B4bENo 8ofxjN3hlE04H0ak+EXHGSIILVfGNJS0aYbC02rSoRyApcBtr/L0hWD5AWEI2d+Z AUnYXSg= -----END ENCRYPTED PRIVATE KEY----- *********************************** The file is not corrupted, i tested it! Hope anyone has an idea Thanks tim www.mails.at - Der kostenlose E-Mail Anbieter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html