Certificates Validation
Fernando Calvelo Vazquez
fernando.calvelo at esrf.fr
Tue Nov 10 14:08:02 CET 2009
Hi,
I'm trying to perform an EAP-TTLS Radius Authentication by using the
server certificates.
So, from my Windows laptop I have selected at the "Step 2: TTLS Server"
--> "Validate Server Certificate"
I have followed the steps at
http://wiki.freeradius.org/WPA_HOWTO#HOWTO_Do_It:_An_Outline
But the server response is....
.....
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap: SSL error error:140940E5:SSL routines:SSL3_READ_BYTES:ssl
handshake failure
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 2
modcall: leaving group authenticate (returns reject) for request 2
auth: Failed to validate the user.
.....
Any idea where the mistake is?
Thanks in advance.
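
A triage sketch for the debug output above, added here as an example and not part of the original post or of FreeRADIUS: it extracts the TLS alert lines, reads the direction marker ("<<<" is a record the server read from the peer, ">>>" one it wrote) and unpacks the OpenSSL error codes. The function names are hypothetical, the sample is constructed from lines in the post, and the error-code layout assumed is the pre-3.0 OpenSSL packing (8-bit library, 12-bit function, 12-bit reason).

```python
import re

# Constructed sample: alert and error lines copied from the debug output in the post.
SAMPLE_LOG = """\
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
rlm_eap: SSL error error:140940E5:SSL routines:SSL3_READ_BYTES:ssl
handshake failure
"""

ALERT_RE = re.compile(
    r"rlm_eap_tls: (<<<|>>>) TLS (\S+) Alert \[length [0-9a-fA-F]+\], (warning|fatal) (\w+)")
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

# "<<<" marks a record the server read from the peer, ">>>" one it wrote.
SENDER = {"<<<": "client", ">>>": "server"}
ERR_LIB_SSL = 20     # OpenSSL library number for "SSL routines"
ALERT_OFFSET = 1000  # OpenSSL reports a peer's alert as reason 1000 + alert number


def parse_alerts(log):
    """Return one dict per TLS alert line: who sent it, level, description."""
    return [{"sender": SENDER[m.group(1)], "version": m.group(2),
             "level": m.group(3), "description": m.group(4)}
            for m in ALERT_RE.finditer(log)]


def decode_openssl_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into lib, func and reason."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    is_alert = lib == ERR_LIB_SSL and reason >= ALERT_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "peer_alert": reason - ALERT_OFFSET if is_alert else None}


def triage(log):
    """Summarise which side aborted the handshake and with which alert."""
    fatal = [a for a in parse_alerts(log) if a["level"] == "fatal"]
    errors = [decode_openssl_error(c) for c in ERROR_RE.findall(log)]
    return {"fatal_alerts": fatal, "errors": errors,
            "aborted_by": fatal[0]["sender"] if fatal else None}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the log in the post this reports the client as the sender of the fatal unknown_ca alert (TLS alert number 48), which is the alert a peer sends when it cannot chain the certificate it was shown to a CA it trusts.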