There are no intermediate its a single Root CA and it is set My EAP file TLS Section I’ve commented out all but 2048ca.pem my client.pem is signed by but no difference. ca_file = ${cadir}/ca.pem # Customer CA Files: ca_file = ${cadir}/00374255/root_ca.pem # FNET CA Files: ca_file = ${cadir}/fnetCerts/CA/pem/512ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/768ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1024ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1280ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1536ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1792ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/4096ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
On Jul 1, 2015, at 3:20 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On Jul 1, 2015, at 4:58 PM, Kris Armstrong <kris.armstrong@me.com> wrote:
Hi,
I have migrated my root CA and free radius configs from FreeRadius 2.x to 3.0.4 on CentOS7. I’m receiving the following messages when attempting to authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect.
I have tried to recreate the ROOT CA and Client cert but that produces the same error message. I’m not sure where to go from here.
Looks like you've not set ca_file? Or it doesn't contain all the intermediaries (you need to concat them into the same file).
-Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html