I'm happy to be wrong about this, but in my experience, this parameter:<br><br>-CApath ca.pem<br><br>Needs to be an actual path, not a PEM CA file, where you have performed these steps:<br><br>download certificate authority cert in PEM format<br>
run c_rehash . (openssl script)<br><br><div class="gmail_quote">On Thu, May 15, 2008 at 10:37 AM, Avinash Patil <<a href="mailto:avinashapatil@gmail.com">avinashapatil@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Hi All,</div>
<div> </div>
<div>I am trying to use authenticate one embedded WLAN device with using freeRadius server 2.0.4</div>
<div> </div>
<div>I have radiusd.conf,client.conf files as per my configuration.</div>
<div>I have created certificates using bootstrap script.Values in ca.cnf,client.cnf and server.cnf have been modified accordingly.</div>
<div> </div>
<div>I have copied ca.pem, client.pem to device filesystem.Private key has been extracted from client.pem.</div>
<div> </div>
<div>Since last week I am trying to authenticate freeradius server but I am getting error like "Unknown CA".</div>
<div>Please see attached radius logs.</div>
<div> </div>
<div>When I verify client certificate using "openssl verify -CApath ca.pem client.pem"</div>
<div>I see following error:</div>
<div> </div>
<div>Error 20 at depth 0 lookup : unable to get local issuer certificate.</div>
<div> </div>
<div>Device is already tested with Windows 2003 server's TLS(of course with different set of certificates :<) ) and it is working fine.</div>
<div>What will be possible reason behind this and where am I going wrong?</div>
<div> </div>
<div>Appreciate your help.</div>
<div> </div>
<div>Thanks and Regards,</div>
<div> </div><font color="#888888">
<div>Avinash.</div>
</font><br>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>