(RADIATOR) Problem with EAP TLS

Mike McCauley mikem at open.com.au
Mon Nov 17 16:13:07 CST 2003


Hello Simon,


On Tue, 18 Nov 2003 04:19 am, Simon Gao wrote:
> Hi,
>
> I am trying to use EAP TLS for user authentication. But I run into this
> error on the server. This error happened both with a self-signed certificate
> with XP extension (generated using OpenSSL 0.9.7c) and the sample test
> certificates. The environment is Redhat 9.0, OpenSSL 0.9.7c, Radiator
> 3.7.1.
>
> Any help is appreciated.

I suspect that either 

1. the server_key.pem file is not really in PEM format.
2. EAPTLS_PrivateKeyPassword is set incorrectly, so openssl cannot decrypt 
the private key properly.

Probably the second is the most likely.

Hope that helps.

Cheers.


>
> Simon Gao
>
>
> Fri Nov 14 10:37:41 2003: ERR: TLS could not use_PrivateKey_file
> %D/cert/server_key.pem, 1: 11051: 1 - error:0906D06C:PEM
> routines:PEM_read_bio:no start
>  line
>  11051: 2 - error:0D06B078:asn1 encoding routines:ASN1_get_object:header
> too long
>  11051: 3 - error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing
>  11051: 4 - error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
>  11051: 5 - error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib
>  11051: 6 - error:140B0009:SSL
> routines:SSL_CTX_use_PrivateKey_file:missing asn1 eos
>
> Fri Nov 14 10:37:41 2003: DEBUG: EAP result: 1, EAP TLS Could not
> initialise context
> Fri Nov 14 10:37:41 2003: INFO: Access rejected for sgao: EAP TLS Could
> not initialise context
> Fri Nov 14 10:37:41 2003: INFO: Access rejected for sgao: EAP TLS Could
> not initialise context
>
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
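
One way to tell the two suspected causes apart before changing the Radiator configuration, as an added example that is not part of the original message and not Radiator or OpenSSL code: this Python function classifies a key file's container format from its bytes. The name `classify_key`, the result labels and the sample data are assumptions constructed for illustration; it inspects the format only and does not test the passphrase.

```python
import base64
import re
import sys

# One PEM block: BEGIN line, body (optional RFC 1421 headers + base64), END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_key(data: bytes) -> str:
    """Classify the container format of a private key file (hypothetical helper)."""
    m = PEM_BLOCK.search(data)
    if m is None:
        if data[:1] == b"\x30":          # ASN.1 SEQUENCE tag: binary DER, not PEM
            return "der"
        # A BEGIN marker without a matching END means a truncated or edited file.
        return "pem-damaged" if b"-----BEGIN" in data else "not-a-key"
    label, body = m.group(1), m.group(2)
    if not label.endswith(b"PRIVATE KEY"):
        return "pem-not-private-key"     # e.g. a CERTIFICATE block in the key file
    # PKCS#8 marks encryption in the label, the traditional format in a header.
    if label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return "pem-encrypted"           # the configured passphrase must match
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except ValueError:                   # binascii.Error subclasses ValueError
        return "pem-damaged"
    # An unencrypted key decodes to DER starting with a SEQUENCE tag.
    return "pem-plain" if der[:1] == b"\x30" else "pem-damaged"

# Constructed sample data: a 5-byte DER stand-in, not a real key.
_DER = b"\x30\x03\x02\x01\x00"
_B64 = base64.b64encode(_DER)
_HEAD, _TAIL = b"-----BEGIN RSA PRIVATE KEY-----\n", b"\n-----END RSA PRIVATE KEY-----\n"
SAMPLES = {
    "plain": _HEAD + _B64 + _TAIL,
    "encrypted": _HEAD + b"Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,"
                 b"0011223344556677\n\n" + _B64 + _TAIL,
    "der": _DER,
    "truncated": _HEAD + _B64,
}

if __name__ == "__main__":
    if len(sys.argv) > 1:                # classify a real file, e.g. server_key.pem
        with open(sys.argv[1], "rb") as fh:
            print(classify_key(fh.read()))
    else:
        for name, blob in SAMPLES.items():
            print(name, "->", classify_key(blob))
```

A result of `der`, `not-a-key` or `pem-damaged` corresponds to the first suspected cause; `pem-encrypted` means the key can only be read with the correct passphrase, and `pem-plain` means no passphrase is involved in reading it.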
