Hi!
I'm using Freeradius 1.1.3 under Debian Etch! I want to configure
Freeradius with EAP-TLS in my network but there some problems with the
certficate creation.
I get this message when i run the file "certs.sh" in the "docs/
freeradius/examples/" directory:
##################
create private key
name : name-root
CA.pl -newcert
##################
Generating a 1024 bit RSA private key
.............++++++
....................................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name
or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name)
[Some-State]:Locality Name (eg, city) []:Organization Name (eg,
company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,
section) []:Common Name (eg, YOUR name) []:Email Address []:
##################
create CA
use just created 'newreq.pem' private key as filename
CA.pl -newca
##################
CA certificate filename (or enter to create)
##################
exporting ROOT CA
CA.pl -newreq
CA.pl -signreq
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -
out root.pem
openssl pkcs12 -in root.cer -out root.pem
##################
MAC verified OK
##################
creating client certificate
name : name-clt
client certificate stored as cert-clt.pem
CA.pl -newreq
CA.pl -signreq
##################
Generating a 1024 bit RSA private key
......................++++++
.++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name
or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name)
[Some-State]:Locality Name (eg, city) []:Organization Name (eg,
company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,
section) []:Common Name (eg, YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:Using
configuration from /usr/lib/ssl/openssl.cnf
./demoCA/serial: No such file or directory
error while loading serial number
11733:error:02001002:system library:fopen:No such file or
directory:bss_file.c:352:fopen('./demoCA/serial','r')
11733:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
Failed to do sign certificate
I think the 6 last lines are important and i search for a "serial"
file, but i doesn't exist. Are there other users with this problem?
How can i solve this problem?
Mfg
Julian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html