Chris Anderson wrote:
When I run freeradius with the -X option I get the following log
Attaching it in-line or as a ".txt" file would have been friendlier. Anyways, the key lines are: [tls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error TLS Alert read:fatal:decrypt error TLS_accept: failed in SSLv3 read client certificate A rlm_eap: SSL error error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error Your certificates / CA don't match. SSL isn't magic, but it fragile. Follow the instructions on my web site: http://deployingradius.com/ Once you have it working with test certificates, then follow the *same* procedure with real certificates. It *will* work. The only way to keep SSL happy is a careful application of procedure. If you skip a step, then the certificate chain doesn't make sense to SSL, and it will fail. Alan DeKok.