ttls ssl handshake error.

Sandra H. ellbom1 at gmail.com
Thu Jan 22 00:10:43 CET 2009


no not windows it was via a wifi CPE (ruckus cpe)







On Wed, Jan 21, 2009 at 5:04 PM, <tnt at kalik.net> wrote:

> >I have created all the certs etc using FR bootstrap and "make client" .. I
> >have made sure my eap.conf info is all correct..
> >Yest here is what i'm receiving in the logs , thanks for any input
> >
> >rlm_eap_ttls: Authenticate
> >  rlm_eap_tls: processing TLS
> >  eaptls_verify returned 7
> >  rlm_eap_tls: Done initial handshake
> >  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0007], Certificate
> >  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal handshake_failure
> >TLS Alert write:fatal:handshake failure
> >    TLS_accept:error in SSLv3 read client certificate B
> >rlm_eap: SSL error error:140890C7:SSL
> >routines:SSL3_GET_CLIENT_CERTIFICATE:peer
> >did not return a certificate
> >rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
> >  eaptls_process returned 13
> >  rlm_eap: Freeing handler
> >++[eap] returns reject
> >auth: Failed to validate the user.
>
> That's Windows, right? You have properly installed the client
> certificate into the certificate store but Windows won't send it? When
> you open certificate properties it goes on about "not being able to
> validate certificate"?
>
> Try altering Makefile in raddb/certs and signing client certificate with
> ca instead of server certificate.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090121/e9d2dc6f/attachment.html>


More information about the Freeradius-Users mailing list