LinuxQuestions.org
Old 11-27-2006, 08:00 PM   #1
metallica1973
Key Generation and Freeradius


I am trying to create a root CA certificate, CA server certificate, and CA clients by using the CA.root, CA.srv, and CA.client scripts that I downloaded from Freeradius.org, following these directions:

http://www.hep.phys.soton.ac.uk/~jhe...IUS-HOWTO.html

I cannot get the CA.root script to work. I get this error:

Code:
[root@localhost pki]# ./CA.root
****************************************************************
Creating self-signed private key and certificate
When prompted override the default value for the Common Name field
****************************************************************

req [options] <infile >outfile
where options  are
 -inform arg    input format DER or PEM
 -outform arg   output format DER or PEM
 -in arg        input file
 -out arg       output file
 -text          text form of request
 -pubkey        output public key
 -noout         do not output REQ
 -verify        verify signature on REQ
 -modulus       RSA modulus
 -nodes         don't encrypt the output key
 -engine e      use engine e, possibly a hardware device
 -subject       output the request's subject
 -passin        private key password source
 -key file      use the private key contained in file
 -keyform arg   key file format
 -keyout arg    file to send the key to
 -rand file:file:...
                load the file (or the files in the directory) into
                the random number generator
 -newkey rsa:bits generate a new RSA key of 'bits' in size
 -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
 -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)
 -config file   request template file.
 -subj arg      set or modify request subject
 -multivalue-rdn enable support for multivalued RDNs
 -new           new request.
 -batch         do not ask anything during request generation
 -x509          output a x509 structure instead of a cert. req.
 -days          number of days a certificate generated by -x509 is valid for.
 -set_serial    serial number to use for a certificate generated by -x509.
 -newhdr        output "NEW" in the header lines
 -asn1-kludge   Output the 'request' in a format that is wrong but some CAs
                have been reported as requiring
 -extensions .. specify certificate extension section (override value in config file)
 -reqexts ..    specify request extension section (override value in config file)
 -utf8          input characters are UTF8 (default ASCII)
 -nameopt arg    various certificate name options
 -reqopt arg    various request text options

what gives?
 
Old 11-27-2006, 08:01 PM   #2
metallica1973
Here are the contents of the CA.root file:

Code:
#!/bin/sh

OPENSSL=/usr/bin/openssl
CAPL=/usr/sbin/CA.pl
KEYGEN=/usr/sbin/dns-keygen
PASSDIR=pass
DERDIR=der
P12DIR=p12
PEMDIR=pem

PASSWD=$1

mkdir -p $PEMDIR $P12DIR $DERDIR $PASSDIR

# Use the password given as $1, else the stored one, else generate a new one
if [ -z "${PASSWD}" ]; then
        echo "No root password specified, trying $PASSDIR/root.pass."
        if [ -e $PASSDIR/root.pass ]; then
                PASSWD=`cat $PASSDIR/root.pass`
        else
                echo "Not found. Generating password, see $PASSDIR/root.pass for contents."
                PASSWD=`$KEYGEN | head -c 32`
                cat /dev/null > $PASSDIR/root.pass
                echo $PASSWD >> $PASSDIR/root.pass
        fi
fi

rm -rf demoCA

# Note: VALIDFOR is not assigned anywhere in the script as posted
$OPENSSL req -new -x509 -days $VALIDFOR -keyout $PEMDIR/newreq.pem -out \
    $PEMDIR/newreq.pem -passin pass:$PASSWD -passout pass:$PASSWD
echo "${PEMDIR}/newreq.pem" | $CAPL -newca >/dev/null
$OPENSSL pkcs12 -export -in demoCA/cacert.pem -inkey $PEMDIR/newreq.pem -out \
    $P12DIR/root.p12 -cacerts -passin pass:$PASSWD -passout pass:$PASSWD
$OPENSSL pkcs12 -in $P12DIR/root.p12 -out $PEMDIR/root.pem -passin \
    pass:$PASSWD -passout pass:$PASSWD
$OPENSSL x509 -inform PEM -outform DER -days $VALIDFOR -in $PEMDIR/root.pem \
    -out $DERDIR/root.der -passin pass:$PASSWD

rm -rf $PEMDIR/newreq.pem
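
An added example, not part of the thread or of the FreeRADIUS scripts: the posted CA.root never assigns VALIDFOR, and the code below shows how an empty unquoted value drops out of the `-days $VALIDFOR -keyout` argument list, then wraps the `req` step in checks that stop before openssl is called. The helper names are hypothetical; it assumes VALIDFOR is meant as a day count and that the passphrase is kept in a file such as pass/root.pass, passed with `file:` rather than `pass:` so it does not show up in the process list.

```shell
#!/bin/sh
# Added example, not from the thread. argc, days_argc and make_root_cert
# are hypothetical helper names.

# Number of words the shell actually passes for: -days $VALIDFOR -keyout
argc() { echo "$#"; }
days_argc() {
    VALIDFOR=$1
    # Unquoted on purpose, as in the posted script: an empty value expands
    # to no word at all, so -days is followed directly by -keyout.
    argc -days $VALIDFOR -keyout
}

# Create a self-signed root certificate, with pre-flight checks.
# $1 = validity in days
# $2 = PEM file that receives the key and the certificate
# $3 = file whose first line is the passphrase (assumed: pass/root.pass)
# OPENSSL may be overridden, e.g. OPENSSL=echo for a dry run.
make_root_cert() {
    days=${1-} pem=${2-} passfile=${3-}
    case "$days" in
        ''|*[!0-9]*)
            echo "validity must be a whole number of days, got '$days'" >&2
            return 2 ;;
    esac
    if [ "$days" -le 0 ]; then
        echo "validity must be greater than zero" >&2
        return 2
    fi
    if [ -z "$pem" ]; then
        echo "no output file given" >&2
        return 2
    fi
    if [ ! -s "$passfile" ]; then
        echo "passphrase file '$passfile' is missing or empty" >&2
        return 2
    fi
    # -passin is omitted: no existing key is read when a new one is generated.
    # file: keeps the passphrase out of the argument list, unlike pass:.
    "${OPENSSL:-openssl}" req -new -x509 -days "$days" \
        -keyout "$pem" -out "$pem" -passout "file:$passfile"
}
```

Running `OPENSSL=echo make_root_cert "$VALIDFOR" pem/newreq.pem pass/root.pass` prints the command line that would be executed, or the reason it was refused.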
 
  

