Hi Ivan,

This is how I generated the certs, and radiusd -X gives an error:

linux-7v1x:/etc/raddb/certs # ./CA.root myettelap
Generating a 1024 bit RSA private key
..++++++
.................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root  client.cnf  der  p12  pem  server.cnf
CA.cient  ca.cnf  CA.server  demoCA  Makefile  pass  README  xpextensions
linux-7v1x:/etc/raddb/certs # cd pass
linux-7v1x:/etc/raddb/certs/pass # ls
root.pass
linux-7v1x:/etc/raddb/certs/pass # vi root.pass
linux-7v1x:/etc/raddb/certs/pass # cd .
linux-7v1x:/etc/raddb/certs/pass # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root  client.cnf  der  p12  pem  server.cnf
CA.cient  ca.cnf  CA.server  demoCA  Makefile  pass  README  xpextensions
linux-7v1x:/etc/raddb/certs # cd pem
linux-7v1x:/etc/raddb/certs/pem # ls
root.pem
linux-7v1x:/etc/raddb/certs/pem # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root  client.cnf  der  p12  pem  server.cnf
CA.cient  ca.cnf  CA.server  demoCA  Makefile  pass  README  xpextensions
linux-7v1x:/etc/raddb/certs # cd /home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA/
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA # ls
cacert.pem  index.txt  index.txt.old  serial  serial.old
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA # cp serial /etc/raddb/certs/demoCA/
linux-7v1x:/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA # cd /etc/raddb/certs/
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root  client.cnf  der  p12  pem  server.cnf
CA.cient  ca.cnf  CA.server  demoCA  Makefile  pass  README  xpextensions
linux-7v1x:/etc/raddb/certs # ./CA.server linux-7v1x devin myettelap
Generating a 1024 bit RSA private key
.............................................++++++
................................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:linux-7v1x
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:Pal
Using configuration from /etc/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 3 (0x3)
        Validity
            Not Before: Jul 31 09:28:11 2009 GMT
            Not After : Jul 31 09:28:11 2010 GMT
        Subject:
            countryName         = AU
            stateOrProvinceName = Some-State
            organizationName    = Internet Widgits Pty Ltd
            commonName          = linux-7v1x
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
Certificate is to be certified until Jul 31 09:28:11 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root  client.cnf  der  p12  pem  server.cnf
CA.cient  ca.cnf  CA.server  demoCA  Makefile  pass  README  xpextensions
linux-7v1x:/etc/raddb/certs # cd pass
linux-7v1x:/etc/raddb/certs/pass # ls
root.pass
linux-7v1x:/etc/raddb/certs/pass # cd ..
linux-7v1x:/etc/raddb/certs # cd der
linux-7v1x:/etc/raddb/certs/der # ls
linux-7v1x.der  root.der
linux-7v1x:/etc/raddb/certs/der # cd .
linux-7v1x:/etc/raddb/certs/der # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.root  client.cnf  der  p12  pem  server.cnf
CA.cient  ca.cnf  CA.server  demoCA  Makefile  pass  README  xpextensions
linux-7v1x:/etc/raddb/certs # ./CA.client palette-giau6pb devin myettelap
Generating a 1024 bit RSA private key
.......++++++
.......................................................++++++
writing new private key to 'pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:palette-giau6pb
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:
Using configuration from /etc/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 4 (0x4)
        Validity
            Not Before: Jul 31 09:31:56 2009 GMT
            Not After : Jul 31 09:31:56 2010 GMT
        Subject:
            countryName         = AU
            stateOrProvinceName = Some-State
            organizationName    = Internet Widgits Pty Ltd
            commonName          = palette-giau6pb
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
Certificate is to be certified until Jul 31 09:31:56 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls

Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
  tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = "/etc/wireless-auth/linux-7v1x.pem"
    certificate_file = "/etc/wireless-auth/linux-7v1x.pem"
    CA_file = "/etc/wireless-auth/root.pem"
    private_key_password = "myettelap"
    dh_file = "/etc/wireless-auth/DH"
    random_file = "/etc/wireless-auth/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
  }
rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[280]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
}
Errors initializing modules

2009/7/31 Devinder Singh <devinbhul...@gmail.com>:
> Hi Ivan
>
> Need your help here
> Module: Linked to sub-module rlm_eap_tls
> Module: Instantiating eap-tls
>   tls {
>     rsa_key_exchange = no
>     dh_key_exchange = yes
>     rsa_key_length = 512
>     dh_key_length = 512
>     verify_depth = 0
>     pem_file_type = yes
>     private_key_file = "/etc/wireless-auth/linux-7v1x.pem"
>     certificate_file = "/etc/wireless-auth/linux-7v1x.pem"
>     CA_file = "/etc/wireless-auth/root.pem"
>     private_key_password = "myettelap"
>     dh_file = "/etc/wireless-auth/DH"
>     random_file = "/etc/wireless-auth/random"
>     fragment_size = 1024
>     include_length = yes
>     check_crl = no
>   }
> rlm_eap: SSL error error:06065064:digital envelope
> routines:EVP_DecryptFinal_ex:bad decrypt
> rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
> rlm_eap: Failed to initialize type tls
> /etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
> /etc/raddb/sites-enabled/default[280]: Failed to find module "eap".
> /etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
> }
> Errors initializing modules
>

--
Devinder