Hi,
I chose to start with this article as it was one of the most recent tutorials I could find on the topic of FreeRADIUS and EAP TLS.
strange. the EAP-TLS HOWTO seems uite straight forward. everything else is a rewrite of this guide.
if you like. You may be tempted to press Enter instead, especially given that the WPA supplicant in Windows XP works only when you store its certificates without a passphrases..." I've tried generate the
interesting. we've used pass phrases...stops people just copying the certificate onto any unknown machine.
client p12 file both ways and reimporting to XP's Personal Certificates to no avail. Is that pkcs12 passphrase assertion still true for XP supplicant? Either way, with or without, I can't get this to work, so that must not be the issue.
did you use the extra XP SSL additions as per the EAP-TLS HOWTO?
I have also tried un-checking the "Validate Server Certificate" in the 802.1x settings of XP for that Access Point. I get the same error, so the error seems to indicate an issue with not being able to deal with the client side cert?
I've imported both the cacert.pem into my Trusted Root Certs in XP and the client_cert.p12 into "Personal->Certificates". There were no steps indicated I needed to import server cert on the XP side (which doesn't make sense anyway...just noting here that for diagnostic purposes.)
Any help towards solving this issue would be very much appreciated.
Now for the debug log:
TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B
though this seems to suggest that your FreeRADIUS doesnt know much about this certificate. I'd check the eap.conf file alan