Oh, and when using TLS, install client certificate on client.
So, you should probably create a new certificate with a certified CA or a correct own CA. Install openssl and follow a howto on creating new certificates. Make sure you match Common Name to server.domainname
Furthermore change certificate options (like password) in eap.conf.
gr, jelle
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0377], Certificate --> verify error:num=20:unable to get local issuer certificate
chain-depth=0,
error=20
--> User-Name = mike
--> BUF-Name = mike
--> subject = /C=NL/ST=Netherlands/O=C2C/CN=mike/emailAddress=mike@xxx.xx
--> issuer = /C=NL/ST=Netherlands/O=C2C/CN=BDHZ_server/emailAddress=mike@xxx.xx
--> verify return:0
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
6996:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2004:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.