Hi...
as i see log says , "Error: TLS Alert read:fatal:unknown CA" . and you need to specify the certificate Authority in your client when testing.
Certifcate authority is a File called "CA.pem" once you added to the client error should go away. And make sure debian sever hostname should be same as "commonName" specified in server.cnf
Thank You
hello, thanks for the tip, although unfortunately im am still getting problems :( have included the out of eapol_test right here http://pastebin.com/8iKsCUfn and also what shows up in the freeradius logs as well (have included the file names that i currently have in in my /etc/freeradius/certs directory) http://pastebin.com/MtQDVaWL, would you guys know of anything that I could do to resolve this? it actually seems like the same problem that i've been having with the other solutions that I have tried earlier on (yesterday and today), thanks again for the help too
On Fri, Sep 14, 2012 at 9:17 PM, val john <valjohn1647@gmail.com> wrote:Download the tar.gz file form freeradius , in that file , in folder "freeradius-server-xxx/raddb/certs" provide very easy way generate certs (./bootstrap) , just copy its its content to the freeradius in debian "/etc/freeradius/certs/"
Thank you----------- Forwarded message ----------
From: austin wonderly <lacrosse1991@gmail.com>
Date: 15 September 2012 03:23
Subject: generating ssl certs in debian squeeze
To: freeradius-users@lists.freeradius.org
Hello, I was wondering if anyone knew of any tutorials for generating ssl certificates for freeradius in debian squeeze? Have been trying to find a method that would work over the last few days and have not found a solution yet (have probably spent around 6-7 hrs just getting this part to work so far), I am trying to setup a radius server to provide eap-ttls authentication for a non public network (windows machines, as well linux based machines would be on the network), if someone could point me in the right direction though or possibly offer some advice I would really appreciate it as i've pretty much exhausted my options at this point in time. having said that, would there be any downsides to just using the "snakeoil" certificates in this type of configuration? thanks
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html