Problem with EAP-TLS and certificate
aland at deployingradius.com
Mon Jun 18 07:58:57 CEST 2012
Stephane Brodeur wrote:
> I am a newbie to Freeradius and I am having a real hard time to
> implement EAP-TLS using self-signed certificate.
Why? The server comes with scripts that create self-signed certs.
See raddb/certs. If you search google for "freeradius eap-tls howto",
the first link is this: http://freeradius.org/doc/EAPTLS.pdf
> [root at localhost CA]# eapol_test -c /opt/EAP-RADIUS/eap-tls.conf -s
> testing123, I have the following results:
Ask the wpa_supplicant people how their software works. This is the
> My problem is the following error message when running eapol_test
> TLS: Trusted root certificate(s) loaded
> OpenSSL: SSL_use_certificate_file (DER) --> OK
> OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER)
> failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> OpenSSL: pending error: error:0D08303A:asn1 encoding
> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
> OpenSSL: pending error: error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag
Well... the certificate is wrong.
If you had used the generation scripts in raddb/certs, you wouldn't
have this problem.
See also http://deployingradius.com/, which contains *detailed*
instructions for getting EAP to work.
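
The `wrong tag` lines in the quoted log come from OpenSSL parsing the file as DER. As an added example (not part of the original post, and not code from FreeRADIUS or wpa_supplicant), this Python check reports whether a certificate or key file is PEM or DER before it is referenced in a client configuration; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re
import sys

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_sequence_ok(data):
    """True if data is exactly one DER SEQUENCE (tag 0x30) whose length fits."""
    if len(data) < 2 or data[0] != 0x30:
        return False          # first byte is not the SEQUENCE tag a DER parser expects
    first = data[1]
    if first < 0x80:          # short-form length
        return len(data) == 2 + first
    n = first & 0x7F          # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data):
    """Return (encoding, detail) for the raw bytes of a certificate or key file."""
    m = PEM_RE.search(data)
    if m:
        label, body = m.group(1).decode(), m.group(2)
        if b"Proc-Type:" in body:   # traditional encrypted PEM key headers
            return ("PEM", label + " (encrypted)")
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            return ("PEM", label + " (corrupt base64)")
        return ("PEM", label if der_sequence_ok(der) else label + " (bad DER inside)")
    if der_sequence_ok(data):
        return ("DER", "SEQUENCE")
    return ("unknown", "neither PEM armor nor a DER SEQUENCE")

# Constructed sample, not a real key: SEQUENCE { INTEGER 0 }
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
SAMPLE_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, *classify(fh.read()))
```

Run it with the certificate and key paths as arguments; a PEM file fails `der_sequence_ok` on its first byte, which is the condition a DER load attempt rejects.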