(RADIATOR) Using CA certificate from Windows 2003 Server CA?

Pickett, John jpickett at acs.utah.edu
Thu Aug 26 16:58:27 CDT 2004


Hello all,

We're trying to setup PEAP w/ MS-CHAPv2 and have it working 100% with
the demo certificates if we choose not to validate them.  We're now
trying to switch to our own internal certificates generated by Windows
2003 CA.  I have been able to successfully request a certificate for the
Radiator server and convert it to PEM format via OpenSSL.  However, when
I've downloaded the CA certificate (.cer file) and try to convert it to
PEM, I get the following:

C:\>c:\OpenSSL\bin\openssl.exe rsa -inform DER -outform PEM -in
c:\certnew.cer -out c:\certnew.pem

unable to load Private Key
2240:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:.\crypto\asn1\tasn_dec.c:946:
2240:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
asn1 error:.\crypto\asn1\tasn_dec.c:628:
2240:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
error:.\crypto\asn1\tasn_dec.c:566:Field=version, Type=RSA
2240:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
lib:.\crypto\asn1\d2i_pr.c:96:

It seems weird that you'd want to distribute the private key of your CA
to anyone, even if they just need to convert it to another format?
Granted I don't understand certificates all that well, but if someone
can help me convert a CA cert from Win2k3 to PEM I'd be greatly
appreciative.  Thank you,

John Pickett
University of Utah

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list