Validate server certificate problem

Petar Marinkovic highl1 at gmail.com
Tue Aug 9 19:17:11 CEST 2011


Windows clients are on the domain, so the user cert and the CA are added by
default when you join the machine to the domain.

On Tue, Aug 9, 2011 at 18:29, Sallee, Stephen (Jake)
<Jake.Sallee at umhb.edu> wrote:

> I believe you need to install the server cert and any intermediate certs
> on the client before the validate server cert option will work.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> 900 College St.
> Belton, Texas
> 76513
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> *From:* freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:
> freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] *On
> Behalf Of* Petar Marinkovic
> *Sent:* Tuesday, August 09, 2011 11:16 AM
> *To:* freeradius-users at lists.freeradius.org
> *Subject:* Validate server certificate problem
>
> I've set up the latest version of FreeRadius from source on Ubuntu, and I
> cannot get EAP-TLS and PEAP to work when the option "Validate server
> certificate" is on. We're using Windows CA to be able to auth users on the
> domain. I saw this old article
> http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-October/msg00515.html on
> how to generate server certificate, but that fails for me in both ways.
>
> 1st fails because of a missing template on Windows CA - how to create the
> template to match what freeradius needs?
>
> 2nd fails with the following error: CA certificate and CA private key do not
> match
>
> 2634:error:0B080074:x509 certificate routines:X509_check_private_key:key
> values mismatch:x509_cmp.c:406:
>
> That's strange, because the CA cert and CA private key are in the same file (as
> noted in the text) and I didn't mistake the password (since I followed the
> message blindly, with the same password).
>
> When I untick the "Validate server certificate" in Windows clients (XP,
> Windows 7) I'm able to connect with both EAP-TLS and PEAP.
>
> Any help is appreciated, thanks in advance.