Walter Gould wrote:
Sorry to bother you guys again - I created new SSL certificates per your above instructions... After the certs were created, I then:
1. copied them to the /etc/raddb/certs directory 2. updated /etc/raddb/eap.conf with the certificate names & private key password 3. copied and installed the new certificate (server.pem) onto my XP laptop and 4. started radiusd in debug mode, below is the output
It is acting as you describe in the FAQ -
You didn't add the root certificate to the XP machine. See the EAP-TLS "howto's" on the web site.
So, I am wondering will I need to install the hotfix as listed in the FAQ - and, will this have to be done on ALL Windows machines? I am thinking that I still do not have something configured right on my side. If I uncheck the "validate server certs" box on the XP client, I can connect and authenticate successfully.
Yup. "Ignore that we have no idea where this certificate came from, and do PEAP anyways". Alan DeKok.