certificate expiration proble

stefan.paetow at diamond.ac.uk stefan.paetow at diamond.ac.uk
Fri Jul 19 12:57:28 CEST 2013 

Have you opened the certificates you believe to be the latest in something else (like Windows perhaps) and checked that the expiry dates of these certificates is correct?

And have you checked that your server's time is correct too?

Stefan


From: freeradius-users-bounces+stefan.paetow=diamond.ac.uk at lists.freeradius.org<mailto:freeradius-users-bounces+stefan.paetow=diamond.ac.uk at lists.freeradius.org> [mailto:freeradius-users-bounces+stefan.paetow=diamond.ac.uk at lists.freeradius.org] On Behalf Of Muhammad Nadeem
Sent: 19 July 2013 11:24
To: FreeRadius users mailing list
Subject: Re: certificate expiration proble

thanx for you reply, but as i said certificates are ok. Please see this log

[tls] --> User-Name = 0026826172C4 at test_cpe.com<mailto:0026826172C4 at test_cpe.com>
[tls] --> BUF-Name = wi-tribe Pakistan Certification Authority
[tls] --> subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwinoc at pk.wi-tribe.com<mailto:pkwinoc at pk.wi-tribe.com>
[tls] --> issuer  = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwinoc at pk.wi-tribe.com<mailto:pkwinoc at pk.wi-tribe.com>
[tls] --> verify return:1
--> verify error:num=10:certificate has expired
[tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired
TLS Alert write:fatal:certificate expired
    TLS_accept: error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

thanks

On Fri, Jul 19, 2013 at 2:58 PM, <A.L.M.Buxey at lboro.ac.uk<mailto:A.L.M.Buxey at lboro.ac.uk>> wrote:
Hi,

>    I am trying to configure eap with some customized certificates, I have
>    configured eap.config correctly.
>    But I am getting the error of "certificate expired". Although i have the
>    latest certificates.
certificate has expired. FreeRADIUS has no reason to lie.

check the startup output of 'radiusd -X' - look for when it loads the certs.
then use openssl to read those certs to see what the values are - server cert,
CA cert....or client cert. whatever you're using eg

openssl x509 -in server.pem -noout -text

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Best Regards
Muhammad Nadeem
Muhammad Ali Jinnah University



-- 

This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail.

Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. 

Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message.

Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom

 







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130719/6cf5a710/attachment.html>

More information about the Freeradius-Users mailing list