(RADIATOR) Using CA certificate from Windows 2003 Server CA?

Mike McCauley mikem at open.com.au
Thu Aug 26 18:51:22 CDT 2004


Hello John,


On Friday 27 August 2004 07:58, Pickett, John wrote:
> Hello all,
>
> We're trying to set up PEAP w/ MS-CHAPv2 and have it working 100% with
> the demo certificates if we choose not to validate them.  We're now
> trying to switch to our own internal certificates generated by Windows
> 2003 CA.  I have been able to successfully request a certificate for the
> Radiator server and convert it to PEM format via OpenSSL.  However, when
> I've downloaded the CA certificate (.cer file) and try to convert it to
> PEM, I get the following:

So, you can convert the generated one OK, but not the downloaded one? Does the 
downloaded one have a private key in it? Does the generated one have a 
private key in it?

Cheers.



>
> C:\>c:\OpenSSL\bin\openssl.exe rsa -inform DER -outform PEM -in
> c:\certnew.cer -out c:\certnew.pem
>
> unable to load Private Key
> 2240:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:.\crypto\asn1\tasn_dec.c:946:
> 2240:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
> asn1 error:.\crypto\asn1\tasn_dec.c:628:
> 2240:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
> error:.\crypto\asn1\tasn_dec.c:566:Field=version, Type=RSA
> 2240:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1
> lib:.\crypto\asn1\d2i_pr.c:96:
>
> It seems weird that you'd want to distribute the private key of your CA
> to anyone, even if they just need to convert it to another format?
> Granted I don't understand certificates all that well, but if someone
> can help me convert a CA cert from Win2k3 to PEM I'd be greatly
> appreciative.  Thank you,
>
> John Pickett
> University of Utah
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
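
An added example, not part of the original messages: the `wrong tag ... Field=version, Type=RSA` error in the quoted output is what the RSA private-key parser reports when the first field inside the outer SEQUENCE is not the INTEGER `version` it expects, which is the case for an X.509 certificate (its first field is a SEQUENCE). The sketch below checks only that outer shape, so it is a heuristic; the sample bytes are constructed and `IN`/`OUT` are placeholder file names.

```python
import base64

SEQUENCE, INTEGER = 0x30, 0x02  # ASN.1 universal tags

# Constructed samples: outer structure only, not a real certificate or key.
CERT_SHAPED = bytes.fromhex("30073005a003020102")  # SEQUENCE { SEQUENCE { [0] { INTEGER 2 } } }
KEY_SHAPED = bytes.fromhex("3006020100020103")     # SEQUENCE { INTEGER 0, INTEGER 3 }

# Placeholder file names IN and OUT; the subcommands and flags are standard openssl.
SUGGEST = {
    "certificate": "openssl x509 -inform DER -outform PEM -in IN -out OUT",
    "private-key": "openssl rsa -inform DER -outform PEM -in IN -out OUT",
}

def read_tlv(buf, pos=0):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    if len(buf) < pos + 2:
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def to_der(data):
    """Accept DER or PEM (Base64 between BEGIN/END lines) and return DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN"):
        lines = [l.strip() for l in data.splitlines()]
        return base64.b64decode(b"".join(l for l in lines if l and not l.startswith(b"-----")))
    return data

def classify(data):
    """Heuristic on the outer ASN.1 shape: 'certificate', 'private-key' or 'unknown'."""
    der = to_der(data)
    tag, start, _ = read_tlv(der)
    if tag != SEQUENCE:
        return "unknown"
    first_field, _, _ = read_tlv(der, start)
    if first_field == INTEGER:   # key structures start with INTEGER version
        return "private-key"
    if first_field == SEQUENCE:  # Certificate starts with SEQUENCE tbsCertificate
        return "certificate"
    return "unknown"
```

`SUGGEST[classify(data)]` gives the matching conversion command for a file read in binary mode; a CA certificate export contains no private key, so it falls under `x509`.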
