-----Original Message----- From: aland@nitros9.org [mailto:aland@nitros9.org] On Behalf Of Alan DeKok
"Dave Huff" <dbhuff@yahoo.com> wrote:
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal certificate_unknown TLS Alert read:fatal:certificate unknown
SSL is telling FreeRADIUS that the certificate sent by the client is bad. That's what I thought too, but I configured the CA, server, and client certs all on Openssl pretty much like http://www.cisco.com/en/US/products/ps6379/products_configuration_guide_chap ter09186a00805ac269.html
Windows is using the cert I installed from the linux box, at least I have a choice in ProSET. If Windows overrides for some reason, I wouldn't know...can I set a debug mode that would tell me?
You're probably doing EAP-TLS where the server has one cert, and the client has cert signed by someone else entirely. For EAP-TLS to work, the client certs have to be signed by the server cert.
Signed by the server cert or by the CA cert? I have a CA that signed the server and client certs, and the eap.conf file knows where server and CA certs are. Dan
Alan DeKok.