Hi again folks:
I have just been able to go "a bit futher" in my tests, but no so much.
My goal: Try to deploy EAP-TTLS authentication by using "Client
certificate", "Server certificate validation" and "user/password"
authentication.
Client: Windows Vista supplicant software
Test that I have succeeded at the moment:
- "Microsoft: Smart Card or other Certificate" (so... "client
certificate" & "Server Certificate Validation" works already)
- "Microsoft: EAP (PEAP)" (so... also "Server Certificate Validation" +
"EAP-MSCHAPv2" user/password works!!)
- "Intel: EAP-TTLS" with "PAP user/password" & only "Server
Certificate Validation" --> also works fine!!
But when I am trying to setup "Intel: EAP-TTLS" with "PAP
user/password", "Server Certificate Validation" + "Specify Server or
Certificate Name" I always get next error message...
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
...and I guest it is not due to the "Client Certificate" because
it was succeed authenticated in the previous tests
Probably is due to I am not sure what I should write in the box
reserved for "Server or Certificate Name" (on the "Step 2 of 2" at the
supplicant windows software)
Anyone knows what I should write at this box? I could not find a
"server name" or "domain name" at the certificate (as it is explained
on the "windows in-line help")
Thanks in advance for your useful help.
Regards,
Fernando.