you have to look at certs.sh and modify the paths in that file. aswell the openssl.cnf file. its a kindda workaround but i dont have a better way.
or you can echo 00 > serial On 15/12/2007, Julian Stöver <[EMAIL PROTECTED]> wrote: > > Hi! > I'm using Freeradius 1.1.3 under Debian Etch! I want to configure > Freeradius with EAP-TLS in my network but there some problems with the > certficate creation. > > I get this message when i run the file "certs.sh" in the "docs/ > freeradius/examples/" directory: > > > > ################## > > create private key > > name : name-root > > CA.pl -newcert > > ################## > > > > Generating a 1024 bit RSA private key > > .............++++++ > > ....................................++++++ > > writing new private key to 'newreq.pem' > > ----- > > You are about to be asked to enter information that will be > > incorporated > > into your certificate request. > > What you are about to enter is what is called a Distinguished Name > > or a DN. > > There are quite a few fields but you can leave some blank > > For some fields there will be a default value, > > If you enter '.', the field will be left blank. > > ----- > > Country Name (2 letter code) [AU]:State or Province Name (full name) > > [Some-State]:Locality Name (eg, city) []:Organization Name (eg, > > company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, > > section) []:Common Name (eg, YOUR name) []:Email Address []: > > ################## > > create CA > > use just created 'newreq.pem' private key as filename > > CA.pl -newca > > ################## > > > > CA certificate filename (or enter to create) > > > > ################## > > exporting ROOT CA > > CA.pl -newreq > > CA.pl -signreq > > openssl pkcs12 -export -in demoCA/cacert.pem -inkey > newreq.pem - > > out root.pem > > openssl pkcs12 -in root.cer -out root.pem > > ################## > > > > MAC verified OK > > > > ################## > > creating client certificate > > name : name-clt > > client certificate stored as cert-clt.pem > > CA.pl -newreq > > CA.pl -signreq > > ################## > > > > Generating a 1024 bit RSA private key > > ......................++++++ > > .++++++ > > writing new private key to 'newreq.pem' > > ----- > > You are about to be asked to enter information that will be > > incorporated > > into your certificate request. > > What you are about to enter is what is called a Distinguished Name > > or a DN. > > There are quite a few fields but you can leave some blank > > For some fields there will be a default value, > > If you enter '.', the field will be left blank. > > ----- > > Country Name (2 letter code) [AU]:State or Province Name (full name) > > [Some-State]:Locality Name (eg, city) []:Organization Name (eg, > > company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, > > section) []:Common Name (eg, YOUR name) []:Email Address []: > > Please enter the following 'extra' attributes > > to be sent with your certificate request > >> A challenge password []:An optional company name []:Using > >> configuration from /usr/lib/ssl/openssl.cnf > >> ./demoCA/serial: No such file or directory > >> error while loading serial number > > 11733:error:02001002:system library:fopen:No such file or > > directory:bss_file.c:352:fopen('./demoCA/serial','r') > > 11733:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354: > > Failed to do sign certificate > > I think the 6 last lines are important and i search for a "serial" > file, but i doesn't exist. Are there other users with this problem? > How can i solve this problem? > > Mfg > Julian > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html