LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-13-2007, 08:40 PM   #1
dhonnoll78
LQ Newbie
 
Registered: Dec 2007
Posts: 5

Rep: Reputation: 0
Newb and cant generate Certs


Okay This is for my wireless network but I feel it fits best here. I can't generate my Certs so that I can start radiusd. Here is my first script CA.root. i got it from one of those cut and paste sites and still had to add a few \ just to get the thing to execute. Here is what CA.root looks like
OPENSSL=/usr/bin/openssl
CAPL=<span class="comment hl">(/etc/pki/tls/misc/<span class="filename">CA.pl</span>)</span>\
KEYGEN=/usr/sbin/dns-keygen
PASSDIR=/pass/root.pass
DERDIR=der
P12DIR=p12
PEMDIR=/pem
VALIDFOR=365
PASSWD=$1

mkdir -p $PEMDIR $P12DIR $DERDIR $PASSDIR

if [ -z "${PASSWD}" ]; then
echo "No root password specified, trying $PASSDIR/root.pass."
if [ -a $PASSDIR/root.pass ]; then
PASSWD=`cat $PASSDIR/root.pass`
else
echo "Not found. Generating password, see $PASSDIR/root.pass for contents."
PASSWD=`$KEYGEN | head -c 32`
cat /dev/null > $PASSDIR/root.pass
echo $PASSWD >> $PASSDIR/root.pass
fi
fi

rm -rf demoCA

$OPENSSL req -new -x509 -days $VALIDFOR -keyout $PEMDIR/newreq.pem -out \
$PEMDIR/newreq.pem -passin pass:$PASSWD -passout pass:$PASSWD
echo "${PEMDIR}/newreq.pem" | $CAPL -newca >/dev/null
$OPENSSL pkcs12 -export -in certs/demoCA/cacert.pem -inkey $PEMDIR/newreq.pem -out \
$P12DIR/root.p12 -cacerts -passin pass:$PASSWD -passout pass:$PASSWD
$OPENSSL pkcs12 -in $P12DIR/root.p12 -out $PEMDIR/root.pem -passin \
pass:$PASSWD -passout pass:$PASSWD
$OPENSSL x509 -inform PEM -outform DER -days $VALIDFOR -in $PEMDIR/root.pem \
-out $DERDIR/root.der -passin pass:$PASSWD

rm -rf $PEMDIR/newreq.pem

Here is the output when I try to run it
[root@nicaragua raddb]# ./CA.root [passwd#123]
./CA.root: process substitution: line 2: syntax error near unexpected token `newline'
./CA.root: process substitution: line 2: `/etc/pki/tls/misc/<span class="filename">CA.pl</span>'
./CA.root: line 2: span: No such file or directory
mkdir: `/pass/root.pass' exists but is not a directory
Generating a 1024 bit RSA private key
............++++++
.................................................................................................... .........................++++++
writing new private key to '/pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:MS
Locality Name (eg, city) [Newbury]:Horn Lake
Organization Name (eg, company) [My Company Ltd]:mywireless
Organizational Unit Name (eg, section) []:home
Common Name (eg, your name or your server's hostname) []:
Email Address []:myemail@mydomain.net
./CA.root: line 29: -newca: command not found
No certificate matches private key
22713:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
22714:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:644:Expecting: TRUSTED CERTIFICATE
[root@nicaragua raddb]#

Any clues anyone?
 
Old 12-25-2007, 04:58 PM   #2
comprookie2000
Gentoo Developer
 
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Blog Entries: 5

Rep: Reputation: 54
What distro?
post your radiusd.conf
To generate a new key;
Not sure about your script I use this;
http://www.openssl.org/docs/HOWTO/certificates.txt
 
Old 12-26-2007, 02:17 PM   #3
dhonnoll78
LQ Newbie
 
Registered: Dec 2007
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks comprookie I am using FC5, followed the perfect setup install instructions for ISP config, added firestarter, and added radiusd. will post radiusd.conf file later
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Should I get an A+ before my Linux certs??? anon.alias Linux - Certification 3 12-03-2006 01:14 PM
novell certs ? age_oflegend General 0 09-16-2006 06:53 AM
Unix certs Linux certs and jobs bru Linux - Certification 1 11-18-2004 10:41 AM
Which certs are valuable? sandboy6184 Linux - Certification 2 11-15-2004 08:22 AM
The first step to ascending newb status, acknowledging you're a newb :P LordRaven LinuxQuestions.org Member Intro 1 08-24-2004 05:05 PM


All times are GMT -5. The time now is 06:29 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration