SSL error after updating cert
Eric Geier
me at egeier.com
Fri Oct 21 23:31:40 CEST 2011
Thanks for the reply!
Yes, the clients are set with correct time/date.
That command didn't work. Did you mean openssl verify command? I
ran that and both the old cert (still valid for a few days) and
the new cert (already valid) shows correct domain but then says:
error 20 at 0 depth lookup:unable to get local issuer certificate
This may not be the problem since I get it with both old and new
certs.
Any other ideas?
On Fri Oct 21 14:56:33 CDT 2011, James J J Hooper
<jjj.hooper at bristol.ac.uk> wrote:
> On 21/10/2011 20:44, Eric Geier wrote:
>> Hi, I?m trying to update my server?s cert, but getting errors
>> after applying it:
>>
>> Fri Oct 21 12:26:45 2011 : Error: TLS Alert
>> read:fatal:certificate
>> expired
>> Fri Oct 21 12:26:45 2011 : Error: TLS_accept:failed in SSLv3
>> read client certificate A
>> Fri Oct 21 12:26:45 2011 : Error: rlm_eap: SSL error
>> error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
>> certificate expired
>> Fri Oct 21 12:26:45 2011 : Error: rlm_eap_tls: SSL_read failed
>> inside of TLS (-1), TLS session fails.
>>
>> Says expired but I?m using the new cert, which is a renewal from
>> a
>> third-party CA and using the same private key. I apply it by
>> inserting the text of the .crt file into the server-cert.pem file
>> in the certs folder. I think that?s all I have to do and restart
>> freeradius?
>>
>
> 1) Check the date on the client system is correct
>
> 2) do:
> openssl -in /path/to/your/raddb/server-cert.pem -noout -text
> and verify the properties of the cert you have.
>
> -James
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list