cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)

Alan DeKok aland at deployingradius.com
Wed Aug 20 08:03:48 CEST 2008

William Hegardt wrote:
> EAP-TLS authentication fails with the "fatal unknown ca" message.

  The server cert may need to be marked with "CA:true"

> If I hack the Makefile like Sergio mentioned last month to sign the
> client certificate with
> the CA key, then authentication succeeds.

  That can work, too.

> I'd really like to understand what's wrong. Could wpa_supplicant be
> somehow incompatible with
> the bootstrap certificate chain?

  It's OpenSSL on both ends.  wpa_supplicant && FreeRADIUS are just
wrappers to get the SSL data back and forth.

  Alan DeKok.

More information about the Freeradius-Users mailing list