EAP advanced auth. methods problem
tnt at kalik.net
tnt at kalik.net
Sun Nov 22 00:34:02 CET 2009
> So the problem is in certificate:
>
> [tls] <<< TLS 1.0 Handshake [length 038d], Certificate
> --> verify error:num=20:unable to get local issuer certificate
> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
That means that you haven't imported self-signed ca certificate onto the
client.
> # openssl verify -CApath ca.pem client.pem
> client.pem: /C=FR/ST=Radius/O=Example
> Inc./CN=user at example.com/emailAddress=user at example.com
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
>
> I'm little bit confused, I created the client certificate using make
> client.
Which uses server certificate to sign client certificates.
> Isn't possible that freeradius Makefile is buggy?
No. Try verify with server certificate (as it is done in Makefile).
Ivan Kalik
More information about the Freeradius-Users
mailing list