On Jan 4, 2015, at 12:22 PM, Ankit Prajapati <prajapati.ankit85@gmail.com> wrote:
I am trying to setup radsec using freeradius version 3.0.3.
You should upgrade to 3.0.6. It won’t fix this issue, but it’s generally netter.
I have generated self-signed certificate on my freeradius server using openssl commands . I have generated CA ,client ,server. , and using same certificate for radsecProxy
Your certificates are wrong. The debug output shows this.
(0) <<< TLS 1.0 Alert [length 0002], fatal unknown_ca (0) ERROR: TLS Alert read:fatal:unknown CA (0) ERROR: TLS_accept: Failed in SSLv3 read client certificate A
That’s pretty clear. The client certificate being presented by radsecproxy is signed by a CA. FreeRADIUS doesn’t know anything about that CA. You need to use ONE CA certificate. Put that on both systems. Then, use that CA to create a server certificate. Put that on FreeeRADIUS. Then, use that CA to create a client certificate. Put that on radsecproxy. Alan DeKok.