errors creating certificates

2003-12-22 Thread Huebel, Tony



I am trying to create some certificates and having problems. I am using Redhat 8.0 and openssl .9.7c. I am using the CA.all script found at http://www.missl.cs.umd.edu/wireless/eaptls/doc/CA.all .
It seems to create the first certificate fine, then when it goes to create the client and then the server I get the following error after I enter "y" to sign the certificate. Can someone please help me figure this out?
Thanks!
 
Sign the certificate? [y/n]:y
-passin: No such file or directory
14554:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('-passin','r')
14554:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
No certificate matches private key
14556:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:
unable to load certificate
14557:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE
 
 


certificate generation and freeradius

2003-12-19 Thread Huebel, Tony



I am new to this users list and hope this gets to someone that can help me. I am trying to set up a RADIUS server for my wireless network. I am running RedHat 8.0 and have installed freeradius-0.9.3 that I downloaded from the freeradius.org site in tar.gz format. I am utilizing two HOWTO docs http://www.freeradius.org/doc/EAPTLS.pdf and http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm#6 .
I am primarily using the latter for the freeradius setup and certificate generation. I configured my radiusd.conf (located in /usr/local/etc/radius/raddb/) based on the second link under the radiusd.conf section. I then created the script run-radiusd that is also detailed on that page. I get the following errors:
...
...
...
...
 tls: dh_file = "/etc/1x/r/DH"
 tls: random_file = "/etc/1x/r/random"
 tls: fragment_size = 1024
 tls: include_length = yes
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=default
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=rsa
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=dsa
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=dh
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=rand
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=bn_mod_exp
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=bn_mod_exp_crt
24076:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/etc/1x/r/CA.pam','r')
24076:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
24076:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
rlm_eap_tls: Error reading Trusted root CA list
rlm_eap: Failed to initialize the type tls
radiusd.conf[600]: eap: Module instantiation failed.
 
Now I do not have a CA.pam file in my /etc/1x/r/ directory and do not know where or how to get that file. I did create the CA.root, CA.svr, and CA.clt files and execute them. They seemed to create all the files except I think the client file has no name except .p12. At any rate, here is a directory list of where I ran the CA.* scripts. (there are supposed to be 3 columns)
 
.
demoCA
..
.der
.p12
.bash_logout
.pem
.bash_profile
.bashrc
.gtkrc
root.der
CA.all
newcert.pem
root.p12
CA.clt
root.pem
CA.root
xpextensions
CA.svr
 
 
If someone can give me some advice on where to go from here I would appreciate it.

 
Thanks!   
Tony
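
An added example, not part of either post and not code from the CA.all script or FreeRADIUS: a shell pre-flight check that reads tls settings in the form shown in the debug output above and reports, for every *_file setting, whether the file is missing, empty, PEM, or DER-like. A missing file is what the fopen "No such file or directory" error reports, and a file without a "-----BEGIN" line is what the PEM reader rejects with "no start line". The function names are hypothetical, CA_file, certificate_file and private_key_file are rlm_eap_tls setting names that do not appear on the page, and the scratch files are constructed.

```sh
#!/bin/sh
# classify_file PATH -> prints one of: missing | empty | pem | der | unknown
classify_file() {
    [ -e "$1" ] || { echo missing; return 0; }
    [ -s "$1" ] || { echo empty; return 0; }
    # PEM readers look for a "-----BEGIN ...-----" start line.
    if grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$1"; then echo pem; return 0; fi
    # Heuristic: DER certificates and keys begin with an ASN.1 SEQUENCE tag (0x30).
    if [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then echo der; else echo unknown; fi
}

# check_tls_files: read config or debug lines on stdin, print "key path status"
# for each *_file setting, and return 1 if any named file is missing or empty.
# Paths containing spaces are not handled.
check_tls_files() {
    rc=0
    pairs=$(sed -n 's/^[[:space:]]*\(tls:\)\{0,1\}[[:space:]]*\([A-Za-z_]*_file\)[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\).*$/\2 \3/p')
    while read -r key path; do
        [ -n "$key" ] || continue
        status=$(classify_file "$path")
        echo "$key $path $status"
        case $status in missing|empty) rc=1 ;; esac
    done <<EOF
$pairs
EOF
    return "$rc"
}

# Constructed demo in a scratch directory (a stand-in for /etc/1x/r).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' > "$d/root.pem"
    printf '\060\202\001\012' > "$d/root.der"   # constructed DER-like prefix
    : > "$d/.pem"                                # constructed empty file
    check_tls_files <<EOF || true
 tls: CA_file = "$d/CA.pam"
 tls: certificate_file = "$d/root.der"
 tls: private_key_file = "$d/.pem"
 tls: dh_file = "$d/root.pem"
EOF
    rm -rf "$d"
}
demo
```

The der and unknown statuses are informational only; random_file, for example, is expected to classify as unknown.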