Hi
I wonder if you can help. I am trying to generate certificates in order
to have a FreeRadius server running on my RedHat 7.3 and to authenticate
a WinXP client.
So far I have used openssl (/usr/local/ssl) version 0.9.6h ([engine] 5
Dec 2002) with which I can generate CA for root (CA.root), server
(CA.svr) and client (CA.clt) without any problem. This release doesn't
support WinXP, so I got version 0.9.7 and installed it as per your
instruction (/usr/local/openss-certgen). Now, with this version I can
generate root certificates but attempt to generate the server one
results in the following log information:
Generating a 1024 bit RSA private key
................++++++
............................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [UK]:State or Province Name (full name)
[Wales]:Locality Name (eg, city) [Ebbw Vale]:Organization Name (eg,
company) [Technology Concepts Ltd]:Organizational Unit Name (eg,
section) [Technical Support]:Common Name (eg, YOUR name) [mansour]:Email
Address [[EMAIL PROTECTED]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password [test123]:An optional company name []:Using
configuration from /usr/local/openssl-certgen/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4 (0x4)
Validity
Not Before: Jan 15 14:26:18 2003 GMT
Not After : Jan 15 14:26:18 2004 GMT
Subject:
countryName = UK
stateOrProvinceName = Wales
localityName = Ebbw Vale
organizationName = Technology Concepts Ltd
organizationalUnitName = john
commonName = mansour
emailAddress = [EMAIL PROTECTED]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
D0:BB:EA:85:0A:F6:AC:78:A6:48:00:73:FF:14:55:C4:F4:9E:23:10
X509v3 Authority Key Identifier:
keyid:73:EC:32:B6:8F:57:69:7A:C5:5F:C2:52:D5:5E:ED:28:37:DB:
28:A8
DirName:/C=UK/ST=Wales/L=Ebbw Vale/O=Technology Concepts
Ltd/OU=Technical [EMAIL PROTECTED]
serial:00
Certificate is to be certified until Jan 15 14:26:18 2004 GMT (365 days)
Sign the certificate? [y/n]:
1 out of 1 certificate requests certified, commit? [y/n]CERTIFICATION
CANCELED
./CAsvr: line 23: 1851 Segmentation fault openssl ca -policy
policy_anything -out newcert.pem -passin pass:test123 -key test123 -
infiles newreq.pem
No certificate matches private key
1853:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
long:asn1_lib.c:138:
unable to load certificate
1854:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE
I get Segmentation fault!!!!!!.
My kernel ID is 2.4.18-3. Can you please let me know if you are aware of
this problem and how to go about solving it.
Thanks.
Kind regards
R Mansour
Tel: +44 (0)870 8705088
Fax: +44 (0)870 8705089
WEB: http://www.TheTCL.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
