21 Nov
2009
21 Nov
'09
6:34 p.m.
So the problem is in certificate:
[tls] <<< TLS 1.0 Handshake [length 038d], Certificate --> verify error:num=20:unable to get local issuer certificate [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
That means that you haven't imported self-signed ca certificate onto the client.
# openssl verify -CApath ca.pem client.pem client.pem: /C=FR/ST=Radius/O=Example Inc./CN=user@example.com/emailAddress=user@example.com error 20 at 0 depth lookup:unable to get local issuer certificate
I'm little bit confused, I created the client certificate using make client.
Which uses server certificate to sign client certificates.
Isn't possible that freeradius Makefile is buggy?
No. Try verify with server certificate (as it is done in Makefile). Ivan Kalik