On Dec 4, 2015, at 5:24 PM, Dennis Xu <dxu@uoguelph.ca> wrote:
I have listed all root and intermediate CAs in the eap file:
... ca_file = ${cadir}/SSL_PrimaryCA.pem ca_file = ${cadir}/SSL_SecondaryCA.pem ca_file = ${cadir}/thawte_Premium_Server_CA.pem
You do realize that doesn't work, right? Please *follow instructions*. Arran said:
So you need your server cert, and the intermediary CAs all concatenated together in the same file.
What part of that is unclear?
The server certificate and its configuration should be ok, otherwise the user authentication would fail as well.
No.
If the server is trying to valid client certificate, it will fail for sure as there is no certificate on clients and I don't think that is required for PEAP.
It's not. The client is trying to verify the server certificate and failing. Because you're not following instructions. Alan DeKok.