SSL V3 client certificate error

Thu Feb 28 10:03:06 CET 2013

This is the client telling you it doesn't trust your server ca. Setup the client correctly.

Danny Kurniawan <danny.kurniawan at fairchildsemi.com> wrote:

>Hi All,
>
>I have some intermittent issue with our Radius auth.
>OS : SLES 11
>Radius 2.1.1
>
>We get the cert from GlobalSign and use it at the 2 Radius server. So
>Server A and Server B use the same cert.
>in Server B, ometimes it works fine to authenticate and sometimes its
>failed but everything fine in Server A.
>
>Fri Feb 22 18:31:39 2013 : Auth: Login OK: [sdholakia2] (from client
>AllWirelessAP port 0 via TLS tunnel)
>Fri Feb 22 18:31:39 2013 : Auth: Login OK: [sdholakia2] (from client
>AllWirelessAP port 0 cli A0-88-B4-0F-C3-D8)
>*Fri Feb 22 18:36:30 2013 : Error: TLS Alert read:fatal:unknown CA
>Fri Feb 22 18:36:30 2013 : Error:     TLS_accept:failed in SSLv3 read
>client certificate A
>Fri Feb 22 18:36:30 2013 : Error: rlm_eap: SSL error error:14094418:SSL
>routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>Fri Feb 22 18:36:30 2013 : Error: SSL: SSL_read failed inside of TLS
>(-1),
>TLS session fails.*
>Fri Feb 22 18:36:30 2013 : Auth: Login incorrect: [800200sq] (from
>client
>AllWirelessAP port 0 cli A0-88-B4-58-BA-8C)
>Fri Feb 22 18:37:34 2013 : Auth: Login OK: [800200sq] (from client
>AllWirelessAP port 0 via TLS tunnel)
>Fri Feb 22 18:37:34 2013 : Auth: Login OK: [800200sq] (from client
>AllWirelessAP port 0 cli A0-88-B4-0F-C3-D8)
>
>Any idea what should i check for that error?
>
>Thanks
>
>-- 
>Best Regards,
>Danny
>
>
>------------------------------------------------------------------------
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html

-- 
Sent from my mobile device, please excuse brevity and typos.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130228/925b7261/attachment-0001.html>