[RADIATOR] openssl certificate problems

Hugh Irvine hugh at open.com.au
Thu Feb 4 16:36:01 CST 2010

Hello Corey -

You will find full working example configuration files in "goodies/eap_*.cfg".

You will also find a script for generating certificates in "goodies/mkcertificate.sh".

Unfortunately the example certificates in the Radiator 4.5.1 distribution have expired, however Radiator 4.6 will be released shortly with new certificates.



On 5 Feb 2010, at 09:03, Corey Gray wrote:

> Hi everyone.
>   I almost have radius working…. Almost, it seems that I need a CA to get it to authenticate via EAP even to itself. Can I generate this through openssl?  I haven’t got EAPTLS_CAPath or EAPTLS_CAFile set yet. I know these are required. Just wonderinf if I need a signed SSL certificate from my windows domain or one from I can generate from openssl.
> Foreground
> LogStdout
> BindAddress
> LogDir          /var/log/radius
> DbDir           /etc/radiator
> # Use a low trace level in production systems. Increase
> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> Trace           4
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
>         Secret  *****************
>         DupInterval 0
> </Client>
> <Realm DEFAULT>
> <AuthBy FILE>
>         Filename %D/users
>         EAPType PEAP
>         #EAPTLS_CAPath /root/openssl-0.9.8l/apps/
>         #EAPTLS_CAFile
> </AuthBy>
> # Log accounting to a detail file
> AcctLogFileName %L/detail
> #<AuthBy KRB5>
> #               KrbRealm = TSA
> #       </AuthBy>
> #</Realm>
> ERR: TLS could not load_verify_locations , :  5627: 1 - error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library
> Any help is greatly appreciated
> __________ Information from ESET NOD32 Antivirus, version of virus signature database 4836 (20100204) __________
> The message was checked by ESET NOD32 Antivirus.
> http://www.eset.com
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list