Phil Mayers escribió:
ok :) I provide certificate files and eap.conf in a tar ball to not to post a mail too long. If I print user@example.com.pem in text form I see how radius is the issuer of the certificate. This is the default PKI and I don't know what I'm doing wrong.Sergio wrote:Sorry, I'll do the things right jejeI haven't been reading all your emails, but what I have read is very confusing. So I'm sorry if I misunderstand.The error message seems very very clear. FreeRadius cannot verify the client certificate. This means you have not given it the correct CA certificate.You keep talking about "c_rehash" - to the best of my knowledge, FreeRadius doesn't make use of a "certificate directory" with the openssl-style xxxxxxxx.0 -> real.pem symlinks. Forget about that.Can you please provide: * a copy of your eap.conf * a copy of the files from the "eap { tls {} }" section: * certificate_file * CA_file * a copy of the client cert: * user@example.com.pem -List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your attention.
Attachment:
files.tar
Description: Binary data