Error Reading Private Key File Server.pem
Hi,

I have freeradius server (ver. 2.1.10) compiled with openssl-0.9.8l. Now by method given in raddb/certs I created the certificates on a machine having OpenSSL 1.0.0e. After loading ca.pem, server.pem & private.pem (which is copy of server.pem) certificates under raddb/certs and then starting the radius server I got this error just after eap module. Is this due to different openssl versions?

 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/raddb/eap.conf
  eap {
    default_eap_type = "md5"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
    challenge = "Password: "
    auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    CA_path = "/etc/raddb/certs"
    pem_file_type = yes
    private_key_file = "/etc/raddb/certs/private.pem"
    certificate_file = "/etc/raddb/certs/server.pem"
    CA_file = "/etc/raddb/certs/ca.pem"
    private_key_password = "whatever"
    dh_file = "/etc/raddb/certs/dh"
    random_file = "/etc/raddb/certs/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
    cipher_list = "DEFAULT"
    make_cert_command = "/etc/raddb/certs/bootstrap"
    cache {
     enable = no
     lifetime = 24
     max_entries = 255
    }
    verify {
    }
   }
rlm_eap: SSL error error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm
rlm_eap_tls: Error reading private key file /etc/raddb/certs/private.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/inner-tunnel[236]: Failed to load module "eap".
/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing authenticate section.

Thanks & Regards,
Prateek

Topic: Can't able to start FreeRadius2 on pfSense 2.1 Beta1

jek
Can't able to start FreeRadius2 on pfSense 2.1 Beta1 « on: February 14, 2013, 05:24:56 am »

hi,
I have installed freeradius2 from available packages in pfSense 2.1 Beta 2.1, but its status shows "stop" in status->services. Can anyone help to solve this problem.
Thanks in advance!

Nachtfalke
Re: Can't able to start FreeRadius2 on pfSense 2.1 Beta1 « Reply #1 on: February 14, 2013, 07:30:59 am »

Did you configure freeradius2?
In general it should start after you add a listening interface.
If it is not running, enable logging and show what syslog tells you or run freeradius in debug mode from console with:
radiusd -X

jek
Re: Can't able to start FreeRadius2 on pfSense 2.1 Beta1 « Reply #2 on: February 14, 2013, 11:43:55 pm »

Ya I have configured FreeRadius2 after installation and also assigned listening interface.
After trying "radiusd -X" to debug... below logs generated.

Feb 15 05:39:31 radiusd[25590]: rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
Feb 15 05:39:31 radiusd[25590]: rlm_eap_tls: Error reading private key file /usr/pbi/freeradius-amd64/etc/raddb/certs/server.pem
Feb 15 05:39:31 radiusd[25590]: rlm_eap: Failed to initialize type tls
Feb 15 05:39:31 radiusd[25590]: /usr/pbi/freeradius-amd64/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
Feb 15 05:39:31 radiusd[25590]: /usr/pbi/freeradius-amd64/etc/raddb/sites-enabled/default[342]: Failed to find "eap" in the "modules" section.
Feb 15 05:39:31 radiusd[25590]: /usr/pbi/freeradius-amd64/etc/raddb/sites-enabled/default[277]: Errors parsing authenticate section.

« Last Edit: February 14, 2013, 11:46:31 pm by jek »

pszafer
Re: Can't able to start FreeRadius2 on pfSense 2.1 Beta1 « Reply #3 on: February 15, 2013, 01:22:46 am »

From: http://freeradius.1045715.n5.nabble.com/trouble-seting-up-freeradius-td2768016.html
Straight answer: Password you put in the configuration file of eap.conf has to be the same as the

Can't import an SSL Certificate through the CLI

Dean Reilly, Feb 13, 2013 3:59 AM

I'm trying to import an ssl certificate through the CLI using:

Catalog.SSL.Certificates.importCertificate ["Example Certificate"] [ { private_key: "/tmp/example.local.pem", public_cert: "/tmp/example.local.cert" } ]

But I get the error message:

Private key for 'Example Certificate' does not appear to be a valid RSA private key in PEM format.

I can import the certificate fine through the web ui and the riverbed cert tool says the certificate is fine.
Am I missing something?

Re: Can't import an SSL Certificate through the CLI
Dean Reilly, Feb 13, 2013 4:09 AM (in response to Dean Reilly)

So I've dug through the perl and it looks like I should be passing through the content of those files.

Re: Re: Can't import an SSL Certificate through the CLI
Aidan Clarke, Feb 13, 2013 4:37 AM (in response to Dean Reilly)

Dean
When I see this error in the GUI (which is really doing the same thing AFAIK) I usually convert the key format using openssl:
Try this and see how you go....

openssl rsa -in my-private-key.pem -text

Re: Can't import an SSL Certificate through the CLI
Dean Reilly, Feb 13, 2013 4:48 AM (in response to Aidan Clarke)

The issue does seem to be you need to provide the contents of the key file to zcli. Now I can't work out how to split a command over multiple lines. If I try inputting the key and certificate as one line the riverbed cert tool fails to recognise them as being valid. It outputs:

Error reading key file:Invalid format, no '-----END' found

Re: Can't import an SSL Certificate thro