EAP-TLS Authentication fails( TLS_accept: error in SSLv3 read client certificate B)
Esma Yalcinkaya
esmayalcinkayaa at gmail.com
Wed Nov 27 16:15:02 CET 2013
My application runs on glassfish server, so I import the cert files to
keystore. Also tried to import cert files to cacerts
directory(/java/jdk1.6.0_34/jre/lib/security/cacerts) but it did not work.
I import the server.crt too, and try to authenticate now, but nothing has
changed.
I am continuing to debug the logs(server logs, freeradius logs etc).
Let me ask a question, I am new at freeradius. Although this error occurs
for SSLv3 read client certificate B, there is no error occurance for
certificate A like below.
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate
A
I did not unterstand this log, what does it mean "need to read more data"?
Thanks,
On Wed, Nov 27, 2013 at 4:24 PM, Alan DeKok <aland at deployingradius.com>wrote:
> Esma Yalcinkaya wrote:
> > Then, created certificates via "bootstap", "make" and "make client"
> > commands. Import them to glassfish with keytool:
>
> Does glassfish do EAP?
>
> > However, when I sent an eap-tls authentication request, I took following
> > error:
> ...
> > TLS_accept: error in SSLv3 read client certificate B
> > rlm_eap: SSL error error:140890C7:SSL
> > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
>
> The end user system isn't sending over a client certificate.
>
> > I read a lot about this issue, but I could not figure out what is
> missing.
>
> You'll have to debug the non-FreeRADIUS portion. It's the one which
> is causing the authentication to fail. See it's debugging logs for
> details.
>
> You may need to install the server cert on it, tho that shouldn't be
> necessary.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131127/ed20128c/attachment.html>
More information about the Freeradius-Users
mailing list