[RADIATOR] TLS_CertificateChainFile within ServerRADSEC not working?

Jan Tomasek jan at tomasek.cz
Thu Apr 16 05:33:42 CDT 2015


Hello,

TLS_CAFile is for the set of trusted CAs. It works for me too. I need 
TLS_CertificateChainFile, which is used for sending intermediate CA 
certificates to the client, and this causes trouble.

Jan

On 04/16/2015 11:43 AM, Waßerroth, Stephan wrote:
> Hi,
>
> This is our (working...) config for eduroam with RADSEC:
> <ServerRADSEC>
>          Port            2083
>          Protocol        tcp
>          Secret          whatever...
>          UseTLS
>          TLS_CAFile              %D/RADSEC-PKI-CA_chain.pem
>          TLS_CertificateFile     %D/server.pem	
>          TLS_CertificateType     PEM
>          TLS_PrivateKeyFile      %D/server.key
>          TLS_RequireClientCert
>          Identifier      radsec
> </ServerRADSEC>
>
> The file RADSEC-PKI-CA_chain.pem contains the whole CA chain, starting with the top CA cert and working down...
>
> Hope, this helps...
>
> Best regards,
> Stephan
>
> --
>     Stephan Waßerroth
> Head of Core IT-Services
> Fraunhofer-Fokus | Kaiserin-Augusta-Allee 31 | D-10589 Berlin
> e-mail: stephan.wasserroth at fokus.fraunhofer.de
>
>
>
>> -----Original Message-----
>> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au]
>> On Behalf Of Jan Tomasek
>> Sent: Thursday, April 16, 2015 11:32 AM
>> To: radiator at open.com.au
>> Subject: [RADIATOR] TLS_CertificateChainFile within ServerRADSEC not
>> working?
>>
>> Hello,
>>
>> I'm trying to configure ServerRADSEC to send a certificate chain but it won't
>> work :(
>>
>> <ServerRADSEC>
>>         Secret                   mysecret
>>         BindAddress              ::,0.0.0.0
>>
>>         UseTLS
>>         TLS_CAFile               /etc/radiator/trusted-CA.pem
>>         TLS_CertificateType      PEM
>>         TLS_CertificateFile      /etc/ssl/certs/eduroom.cesnet.cz.crt
>>         TLS_PrivateKeyFile       /etc/ssl/private/eduroom.cesnet.cz.key
>>         TLS_CertificateChainFile /etc/ssl/certs/TERENA_SSL_CA_2.pem
>>
>>
>> root at eduroom:/var/log/arch/radiator# cat /etc/ssl/certs/TERENA_SSL_CA_2.pem
>> -----BEGIN CERTIFICATE-----
>> -----END CERTIFICATE-----
>>
>> when a client connects, Radiator prints:
>>
>>> Thu Apr 16 11:29:29 2015: DEBUG: Stream connected to 2001:718:1:6:ea94:f6ff:fe33:651e:60211
>>> Thu Apr 16 11:29:29 2015: DEBUG: StreamTLS sessionInit for 2001:718:1:6:ea94:f6ff:fe33:651e
>>> Thu Apr 16 11:29:29 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed:  17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
>>> ,Inappropriate ioctl for device
>>> Thu Apr 16 11:29:29 2015: DEBUG: New StreamServer Connection created for 2001:718:1:6:ea94:f6ff:fe33:651e:60211
>>> Thu Apr 16 11:29:29 2015: DEBUG: Stream connected to 2001:718:e:0:ea94:f6ff:fe3f:68d8:32903
>>> Thu Apr 16 11:29:29 2015: DEBUG: StreamTLS sessionInit for 2001:718:e:0:ea94:f6ff:fe3f:68d8
>>> Thu Apr 16 11:29:29 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed:  17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
>>> ,Inappropriate ioctl for device
>>> Thu Apr 16 11:29:29 2015: DEBUG: New StreamServer Connection created for 2001:718:e:0:ea94:f6ff:fe3f:68d8:32903
>>> Thu Apr 16 11:29:30 2015: DEBUG: Stream connected to 195.113.187.22:46764
>>> Thu Apr 16 11:29:30 2015: DEBUG: StreamTLS sessionInit for 195.113.187.22
>>> Thu Apr 16 11:29:30 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed:  17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
>>> ,Inappropriate ioctl for device
>>
>> Without TLS_CertificateChainFile everything works fine.
>>
>> Thanks for any help
>> --
>> -----------------------
>> Jan Tomasek aka Semik
>> http://www.tomasek.cz/
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator


-- 
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
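The check a practitioner would want before wiring a bundle into TLS_CertificateChainFile (added here, not code from the thread or from Radiator): confirm that the PEM file is a linked chain, leaf first, each certificate issued by the one after it, so the peer can build a path from the server cert to a root in its own trust store. The parser is a minimal standard-library DER walker; the sample certificates are constructed, unsigned skeletons carrying only subject and issuer names (the root name is made up), so it runs offline.

```python
import base64
import re

_PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Decode one DER tag/length at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_issuer(der):
    """Return (subject, issuer) as raw DER Name bytes of one X.509 certificate."""
    _, pos, end = _tlv(der, _tlv(der, 0)[1])  # Certificate -> tbsCertificate
    fields = []
    while pos < end:  # each tbsCertificate element as (tag, raw bytes)
        tag, _, vend = _tlv(der, pos)
        fields.append((tag, der[pos:vend]))
        pos = vend
    if fields[0][0] == 0xA0:  # optional [0] EXPLICIT version
        fields = fields[1:]
    # remaining order: serialNumber, signature, issuer, validity, subject, ...
    return fields[4][1], fields[2][1]

def check_chain(pem_text):
    """Broken links in a leaf-first PEM bundle; [] means every cert is issued by the next."""
    ders = [base64.b64decode(re.sub(r"\s+", "", m)) for m in _PEM.findall(pem_text)]
    certs = [subject_issuer(d) for d in ders]
    if not certs:
        return ["no certificates found"]
    return [f"cert {i} issuer != cert {i + 1} subject"
            for i in range(len(certs) - 1) if certs[i][1] != certs[i + 1][0]]

def _der(tag, payload):  # short-form DER TLV, only for the constructed samples
    return bytes([tag, len(payload)]) + payload

def fake_cert_pem(subject, issuer):
    """Constructed, unsigned certificate skeleton with only the two Names; NOT a real cert."""
    def name(cn):  # Name: SEQUENCE { SET { SEQUENCE { OID commonName, UTF8String } } }
        return _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
           + name(issuer) + _der(0x30, b"") + name(subject))
    der = _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

# Constructed sample in chain-file order: the thread's leaf, issued by the TERENA intermediate, then that intermediate
SAMPLE_CHAIN = fake_cert_pem("eduroom.cesnet.cz", "TERENA SSL CA 2") + fake_cert_pem("TERENA SSL CA 2", "Example Root CA")
```

For a live server the bundle that `openssl s_client -showcerts` prints for port 2083 can be fed to check_chain the same way, which shows whether the intermediate is actually being sent.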

