Problem setting up EAP-TLS with hostap

Alan DeKok aland at deployingradius.com
Sun Jan 12 14:07:24 CET 2014


Chris Anderson wrote:
> When I run freeradius with the -X option I get the following log

  Attaching it in-line or as a ".txt" file would have been friendlier.

  Anyways, the key lines are:

[tls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert read:fatal:decrypt error
    TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1
alert decrypt error


  Your certificates / CA don't match.  SSL isn't magic, but it fragile.

  Follow the instructions on my web site: http://deployingradius.com/

  Once you have it working with test certificates, then follow the
*same* procedure with real certificates.  It *will* work.

  The only way to keep SSL happy is a careful application of procedure.
 If you skip a step, then the certificate chain doesn't make sense to
SSL, and it will fail.

  Alan DeKok.


More information about the Freeradius-Users mailing list