cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)
aland at deployingradius.com
Wed Aug 20 08:03:48 CEST 2008
William Hegardt wrote:
> EAP-TLS authentication fails with the "fatal unknown ca" message.
The server cert may need to be marked with "CA:true"
> If I hack the Makefile like Sergio mentioned last month to sign the
> client certificate with
> the CA key, then authentication succeeds.
That can work, too.
> I'd really like to understand what's wrong. Could wpa_supplicant be
> somehow incompatible with
> the bootstrap certificate chain?
It's OpenSSL on both ends. wpa_supplicant && FreeRADIUS are just
wrappers to get the SSL data back and forth.
More information about the Freeradius-Users