The EAP Saga continues.

Evan Vittitow evan at terralab.com
Tue Feb 13 08:31:05 CET 2007


I've been doing reasearch and reading, and started using a GUI for my CA
called OpenCA.

Using this, I have created some certs

cacert.pem
cacert.key (Private Key)

A variety of Host certs in the format of host-cert.pem and host-key.pem.
(A Prublic/Private key per host.)

Here is my Xsupplicant.conf

        eap_tls {
                user_key = "/etc/pki/tls/Pukey/kurama-cert.pem"
                user_key_pass = ""
                root_cert = "/etc/pki/tls/Pukey/cacert.pem"
                root_dir = "/etc/pki/tls/Pukey/"
                chunk_size = 1398
                random_file = "/dev/random/"
                session_resume = yes
And here is eap.conf's relaventy section

                        private_key_file = /etc/pki/tls/Pukey/kurama-key.pem
                        certificate_file =
/etc/pki/tls/Pukey/kurama-cert.pem
                        CA_file = /etc/pki/tls/Pukey/cacert.pem
                        dh_file = ${raddbdir}/certs/dh

This produces the following:

OpenSSL Error -- error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Library  : SSL routines
Function : SSL3_GET_SERVER_CERTIFICATE
Reason   : certificate verify failed

Help?



More information about the Freeradius-Users mailing list