ok, i already tried to fix the script but didn't tried your hint.
i've put some extra "echo 00 > serial" into CA.certs, because the file
was delete during running the script.
everthing is fine now :-)
thanks!
Am 15.12.2007 um 22:55 schrieb ikpirhu last:
you have to look at certs.sh and modify the paths in that file.
aswell the openssl.cnf file.
its a kindda workaround but i dont have a better way.
or you can
echo 00 > serial
On 15/12/2007, Julian Stöver <[EMAIL PROTECTED]> wrote:
Hi!
I'm using Freeradius 1.1.3 under Debian Etch! I want to configure
Freeradius with EAP-TLS in my network but there some problems with the
certficate creation.
I get this message when i run the file " certs.sh" in the "docs/
freeradius/examples/" directory:
> ##################
> create private key
> name : name-root
> CA.pl -newcert
> ##################
>
> Generating a 1024 bit RSA private key
> .............++++++
> ....................................++++++
> writing new private key to ' newreq.pem'
> -----
> You are about to be asked to enter information that will be
> incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name
> or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:State or Province Name (full name)
> [Some-State]:Locality Name (eg, city) []:Organization Name (eg,
> company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,
> section) []:Common Name (eg, YOUR name) []:Email Address []:
> ##################
> create CA
> use just created 'newreq.pem' private key as filename
> CA.pl -newca
> ##################
>
> CA certificate filename (or enter to create)
>
> ##################
> exporting ROOT CA
> CA.pl -newreq
> CA.pl -signreq
> openssl pkcs12 -export -in demoCA/cacert.pem -inkey
newreq.pem -
> out root.pem
> openssl pkcs12 -in root.cer -out root.pem
> ##################
>
> MAC verified OK
>
> ##################
> creating client certificate
> name : name-clt
> client certificate stored as cert-clt.pem
> CA.pl -newreq
> CA.pl -signreq
> ##################
>
> Generating a 1024 bit RSA private key
> ......................++++++
> .++++++
> writing new private key to 'newreq.pem'
> -----
> You are about to be asked to enter information that will be
> incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name
> or a DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:State or Province Name (full name)
> [Some-State]:Locality Name (eg, city) []:Organization Name (eg,
> company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg,
> section) []:Common Name (eg, YOUR name) []:Email Address []:
> Please enter the following 'extra' attributes
> to be sent with your certificate request
>> A challenge password []:An optional company name []:Using
>> configuration from /usr/lib/ssl/openssl.cnf
>> ./demoCA/serial: No such file or directory
>> error while loading serial number
> 11733:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:352:fopen('./demoCA/serial','r')
> 11733:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:
354:
> Failed to do sign certificate
I think the 6 last lines are important and i search for a "serial"
file, but i doesn't exist. Are there other users with this problem?
How can i solve this problem?
Mfg
Julian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
