Oh, and when using TLS, install client certificate on client.

2008/6/15 Jelle Langbroek <jml@orkz.net>:
So, you should probably create a new certificate with a certified CA or a correct own CA. Install openssl and follow a howto on creating new certificates. Make sure you match Common Name to server.domainname
Furthermore change certificate options (like password) in eap.conf.

gr, jelle

 

 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0377], Certificate  --> verify error:num=20:unable to get local issuer certificate
chain-depth=0,
error=20
--> User-Name = mike
--> BUF-Name = mike
--> subject = /C=NL/ST=Netherlands/O=C2C/CN=mike/emailAddress=mike@xxx.xx
--> issuer  = /C=NL/ST=Netherlands/O=C2C/CN=BDHZ_server/emailAddress=mike@xxx.xx
--> verify return:0
 rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca  TLS Alert write:fatal:unknown CA
  TLS_accept:error in SSLv3 read client certificate B
6996:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2004:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.