On Aug 4, 2016, at 11:12 PM, Matthew West <matthew.t.west@gmail.com> wrote:
Follow up to last e-mail. Needed to use a different cert chain and have uploaded that to the server. Tried to authorize again and got a similar error, below. It appears the output means that the handshake failed due to a self-signed certificate in the chain.
No. Please read *all* of the messages.
Thank you,
Matthew
[tls] Done initial handshake [tls] <<< TLS 1.0 Handshake [length 11fa], Certificate --> verify error:num=19:self signed certificate in certificate chain [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA
That's the root cause of the problem. You have a CA on the server, but haven't put the CA cert on the supplicant. You MUST do that in order to get EAP-TLS to work. See http://deployingradius.com/ for detailed instructions. Alan DeKok.