PEAP fatal bad_certificate




It seems to be not a particular question, but...

Client: WinXP wireless; AP: AIR-AP1131AG-E-K9; server: 1.1.6, fresh install. Certificates generated according to CA.all (with xp-extension and conversion to PKCS12).

 eap {
   default_eap_type = peap
   timer_expire     = 60
   ignore_unknown_eap_types = no
   cisco_accounting_username_bug = no

   md5 {
   }

   leap {
   }

   gtc {
    auth_type = PAP
   }

   tls {
    private_key_password = xxxxx
    private_key_file = ${raddbdir}/certs/merlin-crt.pem
    certificate_file = ${raddbdir}/certs/merlin-crt.pem
    CA_file = ${raddbdir}/certs/cacert.pem

    dh_key_length = 1024
    dh_file = ${raddbdir}/certs/dh
    random_file = /dev/urandom
   }
   peap {
    default_eap_type = mschapv2
   }
   mschapv2 {
   }
 }

  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 224
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal bad_certificate
TLS Alert read:fatal:bad certificate
    TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 224
modcall: leaving group authenticate (returns reject) for request 224
auth: Failed to validate the user.



--
Olimp, System Administrator IT Dept.
Fax. +380(62)381-3428
Tel. +380(62)381-3978-5
----
Looking forward to reading yours.
 RUFF-RIPE DI76-GANDI RUFF-6BONE
     Ruslan N. Marchenko
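
Added example, not part of the original post or of FreeRADIUS: a small parser for rlm_eap_tls debug lines like those in the message above. It relies on the debug-output convention that "<<<" marks a TLS record the server received and ">>>" one it sent, so a fatal bad_certificate alert after "<<<" was raised by the supplicant about the certificate the server presented. The function name and the sample log are constructed for illustration.

```python
import re

# Constructed sample: debug lines in the format shown in the post above.
# The last line (an alert sent by the server) is invented for contrast.
SAMPLE_LOG = """\
  rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal bad_certificate
TLS Alert read:fatal:bad certificate
    TLS_accept:failed in SSLv3 read client certificate A
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal handshake_failure
"""

# "<<<" = record received by the RADIUS server, ">>>" = record sent by it.
ALERT_RE = re.compile(
    r"rlm_eap_tls:\s*(?P<dir><<<|>>>)\s*TLS\s+(?P<ver>[\d.]+)\s+Alert\s+"
    r"\[length\s+[0-9a-fA-F]+\],\s*(?P<level>warning|fatal)\s+(?P<desc>\w+)"
)
STATE_RE = re.compile(r"TLS_accept:failed in (?P<state>.+)$")

# TLS 1.0 alerts that complain about the certificate the other side presented.
CERT_ALERTS = {"bad_certificate", "unsupported_certificate", "certificate_revoked",
               "certificate_expired", "certificate_unknown", "unknown_ca"}

def classify_alerts(log_text):
    """Return one dict per TLS alert: who sent it and whose certificate it rejects."""
    findings = []
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            sender = "client" if m["dir"] == "<<<" else "server"
            rejected = None
            if m["desc"] in CERT_ALERTS:
                # A certificate alert is always about the peer's certificate.
                rejected = ("server certificate" if sender == "client"
                            else "client certificate")
            findings.append({"sender": sender, "level": m["level"],
                             "alert": m["desc"], "rejected": rejected,
                             "state": None})
            continue
        s = STATE_RE.search(line)
        if s and findings and findings[-1]["state"] is None:
            # Handshake state the server was in when the alert arrived.
            findings[-1]["state"] = s["state"].strip()
    return findings

if __name__ == "__main__":
    for finding in classify_alerts(SAMPLE_LOG):
        print(finding)
```

For the alert in the post this reports the client as sender and the server certificate as the rejected one, which points the investigation at the certificate file and the CA trust on the XP client rather than at a client certificate.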



