20 Aug
2008
20 Aug
'08
2:03 a.m.
William Hegardt wrote:
EAP-TLS authentication fails with the "fatal unknown ca" message.
The server cert may need to be marked with "CA:true"
If I hack the Makefile like Sergio mentioned last month to sign the client certificate with the CA key, then authentication succeeds.
That can work, too.
I'd really like to understand what's wrong. Could wpa_supplicant be somehow incompatible with the bootstrap certificate chain?
It's OpenSSL on both ends. wpa_supplicant && FreeRADIUS are just wrappers to get the SSL data back and forth. Alan DeKok.