Thanks Alan! I think both the server and client certificate should match the same CA. Using the same set of certificate, I can run the server directly in Ubuntu. So I doubt the issue is in my Dockerfile. In my Dockerfile: FROM ubuntu:18.04 RUN apt-get update &&\ apt-get install -y freeradius RUN adduser radius WORKDIR /radius EXPOSE 1812/udp 1813/udp COPY radiusd.conf /radius/ COPY certs/* /radius/certs/ CMD ["/usr/sbin/freeradius", "-d", ".","-f","-x","-lstdout"] I copied all the certificates under the current certs/ directory to /radius/certs/ in the docker environment. In the docker environment, there are still certificate under /etc/freeradius/3.0/certs, will FreeRadius use those certificates instead? Thanks a lot! On Thu, Aug 8, 2019 at 6:10 PM Alan DeKok <aland@deployingradius.com> wrote:
On Aug 8, 2019, at 8:51 PM, Jiuyu Sun <sunjiuyu@gmail.com> wrote:
Thanks Alan for the quick response!
I am using eapol_test to send the request with the ca.pem, but still got the Unknown CA error:
Then the client certificate is signed with another CA cert.
OR the server certificate is signed with another CA cert.
The certificates that come with the server work. The default configuration works. So... what changed?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html