Radius Server and Radsecproxy Certificate problem

Ankit Prajapati prajapati.ankit85 at gmail.com
Sun Jan 4 18:22:51 CET 2015


I am trying to set up radsec using freeradius version 3.0.3.

I have generated a self-signed certificate on my freeradius server using
openssl commands. I have generated CA, client and server, and am using the same
certificate for radsecProxy.

1) Running radsec on the Access Point using the following command:
 ./radsecproxy -f -c radsecproxy.conf

2) Running the Radius server on an Ubuntu machine using the following command:
radiusd -fxx -l stdout

Now the Radius Server and RadSec are able to listen on port 2083, but are not
able to make a successful connection using TLS.

Getting the following error on Radsec:
Jan  4 16:44:34 2015: tlsconnect: TLS: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Jan  4 16:44:36 2015: connecttcphostlist: trying to open TCP connection to
192.168.11.2 port 2083
Jan  4 16:44:36 2015: connecttcphostlist: TCP connection to 192.168.11.2
port 2083 up
Jan  4 16:44:36 2015: verify error: num=19:self signed certificate in
certificate chain:depth=1: Test Certificate Authority

and on the Radius Server getting the following error:
(0) Requiring client certificate
(0) Initiate
(0) (other): before/accept initialization
(0) TLS_accept: before/accept initialization
(0) <<< TLS 1.0 Handshake [length 00de], ClientHello
(0) TLS_accept: SSLv3 read client hello A
(0) >>> TLS 1.0 Handshake [length 003e], ServerHello
(0) TLS_accept: SSLv3 write server hello A
(0) >>> TLS 1.0 Handshake [length 08dd], Certificate
(0) TLS_accept: SSLv3 write certificate A
(0) >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
(0) TLS_accept: SSLv3 write key exchange A
(0) >>> TLS 1.0 Handshake [length 00a9], CertificateRequest
(0) TLS_accept: SSLv3 write certificate request A
(0) TLS_accept: SSLv3 flush data
(0) TLS_accept: Need to read more data: SSLv3 read client certificate A
(0) TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
(0) <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
(0) ERROR: TLS Alert read:fatal:unknown CA
(0) ERROR: TLS_accept: Failed in SSLv3 read client certificate A
(0) ERROR: SSL says: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
(0) FAILED in TLS handshake receive
Closing TLS socket from client port 46788
Client has closed connection
 ... shutting down socket auth from client (192.168.11.1, 46788) -> (*,
2083, virtual-server=default)
Waking up in 0.9 seconds.

How to resolve this?

-Regards
Ankit
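
An added diagnostic example, not part of the original post: it reproduces the "num=19 ... depth=1" verify error from the radsecproxy log using a throwaway CA in a temporary directory, then verifies the same certificate with that CA supplied as the trust anchor. All file names and subject names are constructed for the demo and are assumptions, not the poster's files.

```shell
#!/bin/sh
# Constructed demo PKI in a temp directory; every file and subject name here
# is an assumption for illustration, not one of the poster's files.
D=$(mktemp -d)
trap 'rm -rf "$D"' EXIT

make_demo_pki() {
    # Self-signed CA certificate (the trust anchor).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Test CA" \
        -keyout "$D/ca.key" -out "$D/ca.pem" 2>/dev/null
    # Server key and CSR, then a server certificate signed by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius.example.test" \
        -keyout "$D/server.key" -out "$D/server.csr" 2>/dev/null
    openssl x509 -req -in "$D/server.csr" -days 1 \
        -CA "$D/ca.pem" -CAkey "$D/ca.key" -CAcreateserial \
        -out "$D/server.pem" 2>/dev/null
}

# The peer sends server cert + CA cert, but the verifier has no trust anchor
# for that CA: the chain ends in an untrusted self-signed cert (error 19).
verify_without_anchor() {
    openssl verify -untrusted "$D/ca.pem" "$D/server.pem" 2>&1
}

# Same certificate, with the CA supplied as the verifier's trust anchor.
verify_with_anchor() {
    openssl verify -CAfile "$D/ca.pem" "$D/server.pem" 2>&1
}

# True when certificate $1 names the subject of CA file $2 as its issuer.
issuer_matches() {
    [ "$(openssl x509 -in "$1" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$2" -noout -subject_hash)" ]
}

make_demo_pki
echo "--- no trust anchor:";   verify_without_anchor || true
echo "--- with trust anchor:"; verify_with_anchor
issuer_matches "$D/server.pem" "$D/ca.pem" && echo "issuer matches CA file"
```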