Problems importing keys and certs in Android.

clement.legoffic at kelio.com clement.legoffic at kelio.com
Mon Mar 13 08:38:06 UTC 2023


Thank you for your answer, I am now able to install my p12 file.
The next problem is now using it.
I still use the same command lines as in the Makefile to make my cert and keys (pkcs12 command are now prefixed with “-legacy” option).
When I want to use my p12 client file on an Android file I get an error in adb logcat :

wpa_supplicant: TLS - SSL error: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE

I have found some forums that talks about the format of the keys or certs, the fact is I am using the same Makefile as everyone does for freeradius’ certs.
Is there a workaround for this error in openssl ?

Thanks in advance for your help !


De : Erwann Abalea <erwann.abalea at docusign.com>
Envoyé : vendredi 10 mars 2023 11:15
À : Le Goffic Clement <clement.legoffic at kelio.com>
Cc : openssl-users at openssl.org
Objet : Re: Problems importing keys and certs in Android.

Maybe these versions of Android can only handle the "legacy" algorithms?
Try adding the "-legacy" option when creating the PKCS#12 files.

On Fri, Mar 10, 2023 at 11:11 AM clement.legoffic at kelio.com<mailto:clement.legoffic at kelio.com> <clement.legoffic at kelio.com<mailto:clement.legoffic at kelio.com>> wrote:
Hello
I am using openssl to create my certificates for a 802.1X environnment with a freeradius server.
I use the freeradius Makefile to generate my keys and certs :
https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/certs/Makefile<https://urldefense.com/v3/__https:/github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/certs/Makefile__;!!BN3BN5aqUA!7oHKFONz_mQzi19g08SqWx0HXNHo73zc8e_3wzOvm7cmvHHrlNrE_ZPxGrs1j8ApofUkTcN09znNGna9Giln4Lqzl_3fDEQ$>
The Makefile works well and certificates too, I am able to authenticate to my Freeradius server with a embedded Linux device that has the ca cert and client cert installed.
I need to make my solution working with Android device.
So I use the p12 file generated by the Makefile on my Android phone (it contains the same priv key and certificates used by the embedded linux device)
The fact is that I cannot import my p12 file in either an Android 10 neither on an Android 13.
After asking the freeradius mailing list that told me the p12 file is working well, I was wondering if the error has already been encounter by openssl users
So, do you ever had problems importing p12 or cert/key file on android ?
Thanks,
--
Cordialement,
Erwann Abalea.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230313/e07ed674/attachment.htm>


More information about the openssl-users mailing list