<div>Thanks for your teaching!</div>
<div>I understand more and more about the keying.</div>
<div> </div>
<div>I follow your guide last mail,</div>
<div>combine server.pem and server.key to server-combined.pem,</div>
<div>and then put it into /usr/local/etc/raddb/certs/.</div>
<div>ca.pem also place to right side.</div>
<div> </div>
<div>What I set in eap.conf is:</div>
<div>tls {</div>
<div> private_key_password = whatever</div>
<div> private_key_file = ${raddbdir}/certs/server-combined.pem</div>
<div> certificate_file = ${raddbdir}/certs/server-combined.pem</div>
<div> CA_file = ${raddbdir}/certs/demoCA/ca.pem</div>
<div> dh_file = ${raddbdir}/certs/dh</div>
<div> random_file = /dev/urandom</div>
<div> fragment_size = 1024</div>
<div>}</div>
<div> </div>
<div>After setup, I start radius by "radiusd -f -X"</div>
<div>but it can not work normally.</div>
<div>The screen shows:</div>
<div> </div>
<div>(above is eliminated)</div>
<div>Module: Loaded eap<br> eap: default_eap_type = "ttls"<br> eap: timer_expire = 60<br> eap: ignore_unknown_eap_types = no<br> eap: cisco_accounting_username_bug = no<br>rlm_eap: Loaded and initialized type md5
<br>rlm_eap: Loaded and initialized type leap<br> gtc: challenge = "Password: "<br> gtc: auth_type = "PAP"<br>rlm_eap: Loaded and initialized type gtc<br> tls: rsa_key_exchange = no<br> tls: dh_key_exchange = yes
<br> tls: rsa_key_length = 512<br> tls: dh_key_length = 512<br> tls: verify_depth = 0<br> tls: CA_path = "(null)"<br> tls: pem_file_type = yes<br> tls: private_key_file = "/usr/local/etc/raddb/certs/server-
combined.pem"<br> tls: certificate_file = "(null)"<br> tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/ca.pem"<br> tls: private_key_password = "whatever"<br> tls: dh_file = "/usr/local/etc/raddb/certs/dh"
<br> tls: random_file = "/dev/urandom"<br> tls: fragment_size = 1024<br> tls: include_length = yes<br> tls: check_crl = no<br> tls: check_cert_cn = "(null)"<br> tls: cipher_list = "(null)"<br>
tls: check_cert_issuer = "(null)"<br>rlm_eap_tls: Loading the certificate file as a chain<br>rlm_eap: SSL error error:0200100E:system library:fopen:Bad address<br>rlm_eap_tls: Error reading certificate file<br>
rlm_eap: Failed to initialize type tls<br>radiusd.conf[10]: eap: Module instantiation failed.<br>radiusd.conf[1960] Unknown module "eap".<br>radiusd.conf[1907] Failed to parse authenticate section.</div>
<div> </div>
<div>If I change the private_key_file and certificate_file back to original file "cert-srv.pem",</div>
<div>it can work normally.</div>
<div>For this reason, </div>
<div>is there something I have to replace but not yet?</div>
<div>Or something I set is mismatch?</div>
<div> </div>
<div> </div>