Hi, all:
I am new to the FreeRADIUS world. I am trying to set up EAP-TLS using a FreeRADIUS server. Would you please tell me which Cisco access point is preferred for the EAP-TLS setup?
I have installed openssl-0.9.8 and freeradius-1.0.5 on Red Hat 9.0. I tried several times to generate certificates by running the CA.all script, which was downloaded from www.missl.cs.umd.edu/wireless/eaptls. But each time I met the same issue and failed to generate the certificates. I just typed "./CA.all" to run the script; are there any optional parameters I need to input? (I did not update the file /usr/local/openssl/ssl/openssl.cnf or CA.all.)
The following is part of the error log:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:whatever
An optional company name []:radius
Using configuration from /usr/local/openssl/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: (I entered "whatever" for the pass phrase, right? I don't know what the pass phrase is.)
./demoCA/serial: No such file or directory (I think this file ./demoCA/serial will be created automatically when running the CA.all, right?)
error while loading serial number
4427:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('./demoCA/serial','r')
4427:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
No certificate matches private key
4429:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
4430:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
Enclosed is the complete log of running the script CA.all. I am not clear about the root cause. Your help is much appreciated. It would be best if you could provide me with a successful log of running CA.all. I don't know which information I should input when running CA.all.
Thanks a lot
ann
run ./CA.all
##################
create private key
name : name-root
CA.pl -newcert
##################
Generating a 1024 bit RSA private key
...........++++++
..................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OpenTide
Organizational Unit Name (eg, section) []:IT Solution
Common Name (eg, YOUR name) []:wanghao
Email Address []:[EMAIL PROTECTED]
##################
create CA
use just created 'newreq.pem' private key as filename
CA.pl -newca
##################
CA certificate filename (or enter to create)
##################
exporting ROOT CA
CA.pl -newreq
CA.pl -signreq
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem
openssl pkcs12 -in root.cer -out root.pem
##################
MAC verified OK
##################
creating client certificate
name : name-clt
client certificate stored as cert-clt.pem
CA.pl -newreq
CA.pl -signreq
##################
Generating a 1024 bit RSA private key
..................++++++
..........................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OpenTide
Organizational Unit Name (eg, section) []:IT Solution
Common Name (eg, YOUR name) []:wanghao
Email Address []:[EMAIL PROTECTED]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:whatever
An optional company name []:radius
Using configuration from /usr/local/openssl/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
./demoCA/serial: No such file or directory
error while loading serial number
4427:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('./demoCA/serial','r')
4427:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
No certificate matches private key
4429:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
4430:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
##################
creating server certificate
name : name-srv
server certificate stored as cert-srv.pem
CA.pl -newreq
CA.pl -signreq
##################
Generating a 1024 bit RSA private key
..............................++++++
..........++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: