No solution yet. Same problem #1: https://lists.freeradius.org/pipermail/freeradius-users/2024-November/104940... Same problem #2: https://lists.freeradius.org/pipermail/freeradius-users/2023-August/103398.h... Same problem #3: https://github.com/FreeRADIUS/freeradius-server/issues/5273 OpenSSL says It's FreeRADIUS problem ( https://groups.google.com/a/openssl.org/g/openssl-users/c/qfLesr8bw_w ) FreeRADIUS says It's OpenSSL problem On 2024-11-09 00:08, Rodrigo Prieto wrote:
Hello, I have the following problem. I configured freeradius to use EAP-TLS and it works. Create the certificates with the script inside the certificates folder. The problem is that when a client connects the following error appears:
Certificate chain - 1 intermediate CA cert(s) untrusted To forbid these certificates see 'reject_unknown_intermediate_ca' (TLS) untrusted certificate with depth [1] subject name /C=AR/ST=Buenos Aires/L=Virreyes/O=Lotech/emailAddress=22@gmail.com/CN=CA-FREERADIUS (TLS) untrusted certificate with depth [0] subject name /C=AR/ST=Buenos Aires/O=Lotech/CN=11@gmail.com/emailAddress=11@gmail.com
I don't use intermediate AC. I ran c_rehash inside the certs folder.
The certificates correctly point to the CA file. rivate_key_password = loli private_key_file = ${certdir}/server.key certificate_file = ${certdir}/server.pem ca_file = /etc/freeradius/certs/ca.pem ca_path = ${cadir}
I run openssl verify with the client and server certificates and it says OK.
Freeradius is installed on Ununtu 24.04. The version of openssl is: OpenSSL 3.0.13 Jan 30, 2024 (Library: OpenSSL 3.0.13 Jan 30, 2024)
If anyone can help me, I appreciate it. Greetings and thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html