<div dir="ltr"><div>Hi Ryan,</div><div><br></div><div>As far as I remember, Windows does not support wildcard certificates. </div><div><br></div><div>Regards</div><br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Message: 5<br>
Date: Fri, 23 May 2014 16:48:41 +0200<br>
From: Ryan De Kock <<a href="mailto:ryandekock1988@gmail.com">ryandekock1988@gmail.com</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Wild Card GoDaddy cert<br>
<br>
Hi,<br>
<br>
I have a wildcard cert from <a href="http://godaddy.com" target="_blank">godaddy.com</a>.<br>
<br>
I have tested the cert on Microsoft NPS & IAS and it works fine.<br>
<br>
I'm sure it will work in freeradius too, however I can't figure it out.<br>
<br>
I have godaddy.crt bundl.e.crt & godaddy.key.<br>
<br>
I have added these to freeradius however it does work.<br>
<br>
This is what Windows does when I don't validate certificates<br>
<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
TLS Length 37<br>
[peap] Length Included<br>
[peap] eaptls_verify returned 11<br>
[peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied<br>
TLS Alert read:fatal:access denied<br>
[peap] WARNING: No data inside of the tunnel.<br>
[peap] eaptls_process returned 7<br>
[peap] EAPTLS_OK<br>
[peap] Session established. Decoding tunneled attributes.<br>
[peap] Peap state ?<br>
[peap] FAILED processing PEAP: Tunneled data is invalid.<br>
[eap] Handler failed in EAP/peap<br>
[eap] Failed in EAP select<br>
++[eap] returns invalid<br>
Failed to authenticate the user.<br>
} # server Cerebus<br>
<br>
This is a successful auth on my Linux client<br>
<br>
<br>
<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7<br>
[peap] Done initial handshake<br>
[peap] eaptls_process returned 7<br>
[peap] EAPTLS_OK<br>
[peap] Session established. Decoding tunneled attributes.<br>
[peap] Peap state send tlv success<br>
[peap] Received EAP-TLV response.<br>
[peap] Success<br>
[eap] Freeing handler<br>
++[eap] returns ok<br>
<br>
<br>
tls {<br>
<br>
certdir = ${confdir}/certs<br>
cadir = ${confdir}/certs<br>
private_key_file = ${certdir}/godaddy.key<br>
certificate_file = ${certdir}/godaddy.crt<br>
dh_file = ${certdir}/dh<br>
random_file = ${certdir}/random<br>
}<br>
<br>
<br>
So I'm not sure if it's got to do with not using the cert chain or what I'm<br>
doing wrong, but would appreciate any guidance.<br>
<br></blockquote></div></div></div>
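<div>Added example, not part of the original emails: a Python triage of the two debug excerpts quoted above. It reports, per EAP request, which side sent a TLS alert and what the eap module returned. The function names are hypothetical and the sample lines are a constructed subset of the quoted output.</div>

```python
import re

# Constructed sample: a subset of the debug lines from the two sessions quoted above.
SAMPLE = """\
[eap] Request found, released from the list
[peap] processing EAP-TLS
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
[peap] FAILED processing PEAP: Tunneled data is invalid.
++[eap] returns invalid
[eap] Request found, released from the list
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] Peap state send tlv success
[peap] Success
++[eap] returns ok
"""

SESSION_START = "[eap] Request found"
# "<<<" marks a TLS record received from the peer, ">>>" one sent by the server.
ALERT = re.compile(r"(<<<|>>>) TLS [\d.]+ Alert \[length \w+\], (\w+) (\w+)")
RESULT = re.compile(r"\+\+\[eap\] returns (\w+)")

def triage(debug_text):
    """Split debug output into EAP requests; collect TLS alerts and the eap result."""
    sessions = []
    for line in debug_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(SESSION_START) or not sessions:
            sessions.append({"alerts": [], "result": None})
        cur = sessions[-1]
        m = ALERT.search(line)
        if m:
            sender = "peer" if m.group(1) == "<<<" else "server"
            cur["alerts"].append((sender, m.group(2), m.group(3)))
        m = RESULT.search(line)
        if m:
            cur["result"] = m.group(1)
    return sessions

def peer_aborted(session):
    """True when the supplicant itself sent a fatal TLS alert."""
    return any(s == "peer" and lvl == "fatal" for s, lvl, _ in session["alerts"])

if __name__ == "__main__":
    for i, s in enumerate(triage(SAMPLE), 1):
        print(i, s["result"], s["alerts"], "peer aborted:", peer_aborted(s))
```

<div>For the Windows session this shows the fatal access_denied alert arriving from the supplicant, so the handshake was ended by the client rather than by the server.</div>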