David,

Read the error messages. It looks like you are missing some of the files, e.g. newcert.pem, tranda1.p12...

Where do you find Raymond Mckay's file?

There is another EAP/TLS howto, http://www.freeradius.org/doc/EAPTLS.pdf

Augustine
David Tran wrote:

To All,
I've followed Raymond Mckay EAP/TLS MPPE WinXP(SP1) HOWTO step-by-step
on my RedHat Linux 8. Everything works great except on Chapter 6 where I have
run into problems with "Certificate Generation" where the CA.root scripts work but
the CA.svr and CA.clt do not. Here are the errors below. As a new linux user,
I don't know what I need to do in making it work. Please help.
Raymond, I can that you have me and other linux users with your instructions.
I would like to say "THANK YOU!".
David Tran
[EMAIL PROTECTED] <mailto:tran@;micronetsolution.com>
0) The machine is running Redhat Linux 8.0. This machine hostname is resolved by
DNS server as "linux-radius.micronetsolution.com" to 172.16.1.2
1) download the 0.9.6g <http://www.impossiblereflex.com/8021x/files/openssl-0.9.6g.tar.gz>, 0.9.7-beta3 <http://www.impossiblereflex.com/8021x/files/openssl-0.9.7-beta3.tar.gz>, SNAP-20021027 <http://www.impossiblereflex.com/8021x/files/openssl-SNAP-20021027.tar.gz> and snapshot-20021028 <http://www.impossiblereflex.com/8021x/files/freeradius-snapshot-20021028.tar.gz>
2) unzip, untar and compile and everything looks good. By the way, I use the same
layout directory as described by you in instructions. Looks good so far,
3) modify the Makefile in src/modules/rlm_eap/types/rlm_eap_tls and type "make",
Looks good.
3a) modify the openssl.conf to suit my need (basically, put in my email, location, etc...)
4) Certificate Generation. I copy the CA.root, CA.svr, CA.clt from the instructions. I change the
password from "whatever" to "test123",
5) when I run CA.root, looks good
6) when I run CA.svr and CA.clt, I am getting error:
here are the errors:
[root@linux-radius ssl]# pwd
/usr/local/openssl-certgen/ssl
[root@linux-radius ssl]# ls -l
total 64
-rwx------ 1 root root 1731 Nov 2 10:25 CA.clt
-rwx------ 1 root root 2208 Nov 2 10:25 CA.root
-rwx------ 1 root root 1674 Nov 2 10:25 CA.svr
drwxr-xr-x 2 root root 4096 Nov 1 15:11 certs
drwxr-xr-x 6 root root 4096 Nov 2 10:25 demoCA
drwxr-xr-x 2 root root 4096 Nov 1 15:11 lib
drwxr-xr-x 6 root root 4096 Nov 1 15:07 man
drwxr-xr-x 2 root root 4096 Nov 1 15:11 misc
-rw-r--r-- 1 root root 7665 Nov 2 10:22 openssl.cnf
-rw-r--r-- 1 root root 7521 Nov 2 07:48 openssl.cnf.orig
drwxr-xr-x 2 root root 4096 Nov 1 15:11 private
-rw-r--r-- 1 root root 986 Nov 2 10:25 root.der
-rw-r--r-- 1 root root 2005 Nov 2 10:25 root.p12
-rw-r--r-- 1 root root 2844 Nov 2 10:25 root.pem
[root@linux-radius ssl]# ls
CA.clt CA.root CA.svr certs demoCA lib man misc openssl.cnf openssl.cnf.orig private root.der root.p12 root.pem
[root@linux-radius ssl]# CA.root
*********************************************************************************
Creating self-signed private key and certificate
When prompted override the default value for the Common Name field
*********************************************************************************
Generating a 1024 bit RSA private key
......++++++
..........................................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Maryland]:
Locality Name (eg, city) [Beltsville]:
Organization Name (eg, company) [micronetsolution]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) [Micronetsolution Wireless Network]:
Email Address [[EMAIL PROTECTED]]:
*********************************************************************************
Creating a new CA hierarchy (used later by the ca command) with the certificate
and private key created in the last step
*********************************************************************************
*********************************************************************************
Creating ROOT CA
*********************************************************************************
MAC verified OK
[root@linux-radius ssl]# CA.svr linux-radius
*********************************************************************************
Creating server private key and certificate
When prompted enter the server name in the Common Name field.
*********************************************************************************
Generating a 1024 bit RSA private key
.................................................++++++
..............................................................................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Maryland]:
Locality Name (eg, city) [Beltsville]:
Organization Name (eg, company) [micronetsolution]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) [Micronetsolution Wireless Network]:linux-radius
Email Address [[EMAIL PROTECTED]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test123
An optional company name []:
Using configuration from /usr/local/openssl-certgen/ssl/openssl.cnf
ERROR: loading the config file 'xpextensions'
12609:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('xpextensions','rb')
12609:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
12609:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:
Error opening input file newcert.pem
newcert.pem: No such file or directory
Error opening input file linux-radius.p12
linux-radius.p12: No such file or directory
Error opening Certificate linux-radius.pem
12612:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('linux-radius.pem','r')
12612:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
[root@linux-radius ssl]# CA.clt tranda1
*********************************************************************************
Creating client private key and certificate
When prompted enter the client name in the Common Name field. This is the same
used as the Username in FreeRADIUS
*********************************************************************************
Generating a 1024 bit RSA private key
........................................++++++
...........++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Maryland]:
Locality Name (eg, city) [Beltsville]:
Organization Name (eg, company) [micronetsolution]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) [Micronetsolution Wireless Network]:tranda1
Email Address [[EMAIL PROTECTED]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test123
An optional company name []:
Using configuration from /usr/local/openssl-certgen/ssl/openssl.cnf
ERROR: loading the config file 'xpextensions'
12616:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('xpextensions','rb')
12616:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
12616:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:
Error opening input file newcert.pem
newcert.pem: No such file or directory
Error opening input file tranda1.p12
tranda1.p12: No such file or directory
Error opening Certificate tranda1.pem
12619:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('tranda1.pem','r')
12619:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
unable to load certificate
[root@linux-radius ssl]#
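
Augustine's advice to read the error messages, as an added example (not part of the original thread or of the HOWTO's scripts): a small shell helper that lists every file OpenSSL reported as missing, in first-seen order, and treats the first one as the likely root cause. The sample log lines are copied from the CA.svr run above; the function names are hypothetical, and "first missing file is the root cause" is a heuristic, not an OpenSSL guarantee.

```shell
#!/bin/sh
# Added example: triage of OpenSSL "No such file" errors.
# SAMPLE_LOG is an excerpt of the CA.svr output quoted in the message above.
SAMPLE_LOG="ERROR: loading the config file 'xpextensions'
12609:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('xpextensions','rb')
12609:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
Error opening input file newcert.pem
newcert.pem: No such file or directory
Error opening input file linux-radius.p12
linux-radius.p12: No such file or directory
Error opening Certificate linux-radius.pem
12612:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('linux-radius.pem','r')
unable to load certificate"

# missing_files: read OpenSSL output on stdin and print each file it failed
# to open, once, in the order the failures appear.
missing_files() {
    sed -n \
        -e "s/.*fopen('\([^']*\)'.*/\1/p" \
        -e "s/^Error opening input file \(.*\)$/\1/p" \
        -e "s/^Error opening Certificate \(.*\)$/\1/p" |
    awk '!seen[$0]++'
}

# root_cause: the first file that could not be opened. Files reported later
# are often outputs that the failed step never got to write.
root_cause() {
    missing_files | head -n 1
}

# still_missing DIR: of the files named in the log on stdin, print those
# that do not exist in DIR (useful after fixing the first one and re-running).
still_missing() {
    dir=$1
    missing_files | while IFS= read -r f; do
        [ -e "$dir/$f" ] || printf '%s\n' "$f"
    done
}

printf 'likely root cause: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | root_cause)"
```

On a real run, capture the script output first (for example with `CA.svr linux-radius 2>&1 | tee ca.log`) and feed `ca.log` to `missing_files`.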



