śr., 2 sie 2023, 17:48 użytkownik Alan DeKok <aland@deployingradius.com> napisał:
On Aug 2, 2023, at 9:07 AM, Maciej Kowalka <maciejkowalkati@gmail.com> wrote:
In the config:
Ca_file points to ca.pem Ca_path points to folder containing both ca.pem and intermediate.pem
That should be fine.
Auto_chain is set to “yes”
That might be OK. It's OpenSSL... it's hard to say.
Done c_rehash for the folder with certs, freeradius restarted, but in debug I still see the same warnings:
Warning: Certificate chain - 1 cert(s) untrusted Warning: (TLS) untrusted certificate with depth [1] subject name /C=PL/ST=MyState/O=MyOrg/CN=Intermediate CA Warning: (TLS) untrusted certificate with depth [0] subject name /C=PL/ST=MyState/O=MyOrg/CN=client
Either that's a different certificate than what is in the ca_path directory, or there's some OpenSSL magic going on.
i.e. FreeRADIUS uses OpenSSL for certificate handling. If OpenSSL is complaining about certificates, there's really not a lot we can do.
Alan DeKok.
Would you be able to awnser me if the warning I'm now getting is correct : I now have only client certificate in windows and now I get only Warning: Certificate chain - 1 cert(s) untrusted Warning: (TLS) untrusted certificate with depth [0] subject name /C=PL/ST=MyState/O=MyOrg/CN=client So now the client pc sends only it's own certificate, but is authenticated by radius Maciej