Hi Ryan,

As far as I remember, Windows does not support wildcard certificates. 

Regards


Message: 5
Date: Fri, 23 May 2014 16:48:41 +0200
From: Ryan De Kock <ryandekock1988@gmail.com>
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Subject: Wild Card GoDaddy cert
Message-ID:
        <CANek+E1Fm+_zWfbcyz2Nuax+BXp2O7czOteSXoNq09xfi7p6JA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi,

I have a wildcard cert from godaddy.com.

I have tested the cert on Microsoft NPS & IAS and it works fine.

I'm sure it will work in freeradius too, however I can't figure it out.

I have godaddy.crt bundl.e.crt & godaddy.key.

I have added these to freeradius however it does work.

This is what windows does when I don't validate certificates

[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 37
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
[peap] WARNING: No data inside of the tunnel.
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state ?
[peap] FAILED processing PEAP: Tunneled data is invalid.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server Cerebus

This is a successfull auth on my linux client



[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok


                tls {

                           certdir = ${confdir}/certs
                           cadir = ${confdir}/certs
                        private_key_file = ${certdir}/godaddy.key
                        certificate_file = ${certdir}/godaddy.crt
                        dh_file = ${certdir}/dh
                        random_file = ${certdir}/random
}


So Im not sure if its got to do with no using the cert chain or what I'm
doing wrong but would appreciate any guidance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/f44e9846/attachment-0001.html>