On Aug 31, 2017, at 2:58 PM, Matthew Pulis <mpulis@gmail.com> wrote:
My Windows clients (Win 7 and Win 10) cannot authenticate with Freeradius due to this error:
routines:ssl3_read_bytes:tlsv1 alert unknown ca
It means that you didn't put the CA certificate on the Windows machine. Go do that, and it will work.
I have searched a bit around and seems to be a problem with the CA certification of the server. Is that correct?
The CA cert is fine. The problem is that the Windows machine doesn't have a copy of it, and therefore doesn't trust FreeRADIUS when it says "my server cert is signed with this CA".
As far as I remember last year it was working, but now that I restarted the project and am planning to finalise it, we are getting this error. Maybe something happened in Windows environment - for example some update?
Something which deleted the CA certificate. *or* the CA certificate was only valid for 12 months, and it expired.
I haven't touched Freeradius these past 12 months and I forgot what I did,
This isn't a FreeRADIUS problem. Put the CA cert on the Windows machines, and they will be able to authenticate. Alan DeKok.