On Jul 9, 2025, at 3:20 AM, Kat via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
Any chance of knowing what these error messages mean?
What part of the error messages are unclear?
Have I used the wrong certificates in the wrong place?
Do the error messages say that?
(39) eap_tls: Executing: /usr/bin/openssl verify -CApath /etc/freeradius/certs %{TLS-Client-Cert-Filename}: (39) eap_tls: EXPAND %{TLS-Client-Cert-Filename} (39) eap_tls: --> /tmp/radiusd/radiusd.client.XXUK9jFp C = FR, ST = Radius, O = Example Inc., CN = user@example.org, emailAddress = user@example.org error 20 at 0 depth lookup: unable to get local issuer certificate
This error is produced by the /usr/bin/openssl program. You can run this same command manually, from the command line. What's going wrong is that you don't have the right certificates in place. A google of "openssl unable to get local issuer certificate" will tell you what needs to be fixed. Since you're running the openssl program, this isn't a FreeRADIUS issue. It's an in issue with OpenSSL, and the certificates that you've put on disk. Alan DeKok.