<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi again folks:<br>
<br>
I have just been able to go "a bit futher" in my tests, but no so much.<br>
<br>
<b>My goal</b>: Try to deploy EAP-TTLS authentication by using "Client
certificate", "Server certificate validation" and "user/password"
authentication.<br>
<b>Client:</b> Windows Vista supplicant software<br>
<br>
Test that I have succeeded at the moment:<br>
- "Microsoft: Smart Card or other Certificate" (so... "client
certificate" & "Server Certificate Validation" works already)<br>
- "Microsoft: EAP (PEAP)" (so... also "Server Certificate Validation" +
"EAP-MSCHAPv2" user/password works!!)<br>
<br>
- "Intel: EAP-TTLS" with "PAP user/password" & only "Server
Certificate Validation" --> also works fine!!<br>
But when I am trying to setup "Intel: EAP-TTLS" with "PAP
user/password", "Server Certificate Validation" + "Specify Server or
Certificate Name" I always get next error message...<br>
<br>
<tt>[ttls] Done initial handshake<br>
[ttls] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca<br>
TLS Alert read:fatal:unknown CA<br>
TLS_accept:failed in SSLv3 read client certificate A<br>
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca<br>
SSL: SSL_read failed inside of TLS (-1), TLS session fails.<br>
TLS receive handshake failed during operation<br>
<br>
</tt>...and I guest it is not due to the "Client Certificate" because
it was succeed authenticated in the previous tests<br>
Probably is due to I am not sure what I should write in the box
reserved for "Server or Certificate Name" (on the "Step 2 of 2" at the
supplicant windows software)<br>
Anyone knows what I should write at this box? I could not find a
"server name" or "domain name" at the certificate (as it is explained
on the "windows in-line help")<br>
<tt><br>
</tt>Thanks in advance for your useful help.<br>
Regards,<br>
<br>
Fernando.<br>
</body>
</html>