I want to set up a RADIUS server for use in 802.1x. I want PEAP
authentication, so I need to configure TLS and certificates. I have
openssl and I have generated a CA and signed a certificate with it. I
have configured the radiusd.conf and the eap.conf, but I get this
error when I start radius in debug mode. I attach the tls section
because it is the problematic one:
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/var/ssl/newreq.pem"
tls: certificate_file = "/var/ssl/newreq.pem"
tls: CA_file = "/var/ssl/cacert.pem"
tls: private_key_password = "my_passwd"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
4419:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
4419:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
4419:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:534:
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.
It seems to be a problem in reading the certificate files, the
"/var/ssl/newreq.file". I have checked that the radius server has
enough privileges to access that file. That file is the server
certificate signed by the CA and was generated with openssl. This file
actually contains the private key and the public certificate, and is
of the form:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,D50C8C4598225F1B
6yDmwg
....
PysPdPw==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIIB3zCC
.....
FhH7
-----END CERTIFICATE REQUEST-----
So I think the file is correct.
Does anyone know why the radius server is not reading the
certificates properly?
Thanks a lot!
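
Added example (not part of the original post, and not FreeRADIUS or OpenSSL code): the debug output says OpenSSL was "Expecting: CERTIFICATE", while the file shown holds an RSA PRIVATE KEY block and a CERTIFICATE REQUEST block. This shell sketch lists the PEM block types in a file and checks for a certificate and a private key; the function names and the sample file are constructed for illustration.

```shell
# Print one label per PEM block, e.g. "RSA PRIVATE KEY" or "CERTIFICATE REQUEST".
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Report what the file lacks; return 0 only if it holds a certificate and a key.
check_server_pem() {
    labels=$(pem_labels "$1")
    status=0
    # Exact match: "CERTIFICATE REQUEST" (a CSR) must not count as a certificate.
    if ! printf '%s\n' "$labels" | grep -qx 'CERTIFICATE'; then
        echo "missing: CERTIFICATE block"
        status=1
    fi
    if ! printf '%s\n' "$labels" | grep -Eqx '(RSA |EC |ENCRYPTED )?PRIVATE KEY'; then
        echo "missing: private key block"
        status=1
    fi
    if printf '%s\n' "$labels" | grep -qx 'CERTIFICATE REQUEST'; then
        echo "note: contains a CERTIFICATE REQUEST (unsigned CSR)"
    fi
    [ "$status" -eq 0 ] && echo "ok: certificate and private key present"
    return "$status"
}

# Constructed sample with the same block layout as the file in the post
# (bodies are placeholders, not real key material).
sample_newreq() {
    cat <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
cGxhY2Vob2xkZXI=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
cGxhY2Vob2xkZXI=
-----END CERTIFICATE REQUEST-----
EOF
}

tmp=$(mktemp)
sample_newreq > "$tmp"
check_server_pem "$tmp" || true
rm -f "$tmp"
```

On the constructed sample the check reports a missing CERTIFICATE block and notes the CSR, which matches the "no start line ... Expecting: CERTIFICATE" error in the debug output.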