Hi,

This is our (working...) config for eduroam with RADSEC:

<ServerRADSEC>
        Port 2083
        Protocol tcp
        Secret whatever...
        UseTLS
        TLS_CAFile %D/RADSEC-PKI-CA_chain.pem
        TLS_CertificateFile %D/server.pem
        TLS_CertificateType PEM
        TLS_PrivateKeyFile %D/server.key
        TLS_RequireClientCert
        Identifier radsec
</ServerRADSEC>

The file RADSEC-PKI-CA_chain.pem contains the whole CA-chain starting with top CA cert working down...

Hope this helps...

Best regards,
Stephan

--
Stephan Waßerroth
Head of Core IT-Services
Fraunhofer-Fokus | Kaiserin-Augusta-Allee 31 | D-10589 Berlin
e-mail: stephan.wasserr...@fokus.fraunhofer.de

> -----Original Message-----
> From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Jan Tomasek
> Sent: Thursday, April 16, 2015 11:32 AM
> To: radiator@open.com.au
> Subject: [RADIATOR] TLS_CertificateChainFile within ServerRADSEC not working?
>
> Hello,
>
> I'm trying to configure ServerRADSEC to send the certificate chain but it won't work :(
>
> <ServerRADSEC>
>         Secret mysecret
>         BindAddress ::,0.0.0.0
>
>         UseTLS
>         TLS_CAFile /etc/radiator/trusted-CA.pem
>         TLS_CertificateType PEM
>         TLS_CertificateFile /etc/ssl/certs/eduroom.cesnet.cz.crt
>         TLS_PrivateKeyFile /etc/ssl/private/eduroom.cesnet.cz.key
>         TLS_CertificateChainFile /etc/ssl/certs/TERENA_SSL_CA_2.pem
>
>
> root@eduroom:/var/log/arch/radiator# cat /etc/ssl/certs/TERENA_SSL_CA_2.pem
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
>
> When a client connects, Radiator prints:
>
> Thu Apr 16 11:29:29 2015: DEBUG: Stream connected to 2001:718:1:6:ea94:f6ff:fe33:651e:60211
> Thu Apr 16 11:29:29 2015: DEBUG: StreamTLS sessionInit for 2001:718:1:6:ea94:f6ff:fe33:651e
> Thu Apr 16 11:29:29 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed: 17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
> ,Inappropriate ioctl for device
> Thu Apr 16 11:29:29 2015: DEBUG: New StreamServer Connection created for 2001:718:1:6:ea94:f6ff:fe33:651e:60211
> Thu Apr 16 11:29:29 2015: DEBUG: Stream connected to 2001:718:e:0:ea94:f6ff:fe3f:68d8:32903
> Thu Apr 16 11:29:29 2015: DEBUG: StreamTLS sessionInit for 2001:718:e:0:ea94:f6ff:fe3f:68d8
> Thu Apr 16 11:29:29 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed: 17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
> ,Inappropriate ioctl for device
> Thu Apr 16 11:29:29 2015: DEBUG: New StreamServer Connection created for 2001:718:e:0:ea94:f6ff:fe3f:68d8:32903
> Thu Apr 16 11:29:30 2015: DEBUG: Stream connected to 195.113.187.22:46764
> Thu Apr 16 11:29:30 2015: DEBUG: StreamTLS sessionInit for 195.113.187.22
> Thu Apr 16 11:29:30 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed: 17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
> ,Inappropriate ioctl for device
>
> Without TLS_CertificateChainFile everything works fine.
>
> Thanks for any help
> --
> -----------------------
> Jan Tomasek aka Semik
> http://www.tomasek.cz/
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator