Phil Mayers escribió:
Sergio wrote:
Sorry, I'll do the things right jeje
I haven't been reading all your emails, but what I have read is very confusing. So I'm sorry if I misunderstand.
The error message seems very very clear.
FreeRadius cannot verify the client certificate.
This means you have not given it the correct CA certificate.
You keep talking about "c_rehash" - to the best of my knowledge, FreeRadius doesn't make use of a "certificate directory" with the openssl-style xxxxxxxx.0 -> real.pem symlinks. Forget about that.
Can you please provide:
* a copy of your eap.conf * a copy of the files from the "eap { tls {} }" section: * certificate_file * CA_file * a copy of the client cert: * user@example.com.pem - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ok :) I provide certificate files and eap.conf in a tar ball to not to post a mail too long. If I print user@example.com.pem in text form I see how radius is the issuer of the certificate. This is the default PKI and I don't know what I'm doing wrong. Thanks for your attention.