new error message spotted in FR logs
alex.sharaz at york.ac.uk
Thu Apr 16 16:55:07 CEST 2020
Just been browsing our FR log files having migrated a server to Ubuntu
18.06 from 16.04 and noticed the following error message:
ERROR: Couldn't get issuer_cert for eapoltest2020 at york.ac.uk
eapoltest2020 at york.ac.uk is a test client cert generated using our local PKI,
manually pushed to FR via eapol_test. We've been using a version of that to
perform health checks for TLS validation
for years and I've only just noticed the above message (running 3.0.22).
Doesn't matter whether I use PEM files or .p12 files in the wpa_supplicant.conf
file, I still get the message.
On the server, in our /etc/freeradius/mods-enabled/eap file I have a
ca_file set to a file with a list of all the root/intermediate CAs that
might issue a client certificate ... again that hasn't changed for a long
TBH these servers have been fit and forget for a long time, so the error
message might have been there for a while.
The client successfully auths via an OCSP validation so it's not causing any
problems ... other than it's there and I feel it shouldn't be.
The ca_file specified has an extension of .chain ... but that shouldn't
matter, should it?