Hello, I have a lot of strange messages in radius.log regarding CRL signature failure (randomly). When this message occur in the log, users can't be authenticated on EAP-TLS -> Login Incorrect. Problem is solved with full restart of freeradius service (service freeradius restart). I'm running the latest version 1.1.7 of freeradius compiled from sources on RHEL3 with RHEL openssl-0.9.7a-33.24 (openssl is installed by up2date from RHEL3 repository). Every hour is CRL updated by external cron script together with c_rehash. Mon Feb 4 09:13:24 2008 : Error: --> verify error:num=8:CRL signature failure Mon Feb 4 09:13:24 2008 : Error: TLS Alert write:fatal:decrypt error Mon Feb 4 09:13:24 2008 : Error: TLS_accept:error in SSLv3 read client certificate B Mon Feb 4 09:13:24 2008 : Error: rlm_eap: SSL error error:04077068:rsa routines:RSA_verify:bad signature Mon Feb 4 09:13:24 2008 : Error: rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails. Mon Feb 4 09:13:24 2008 : Auth: Login incorrect: [Kris Jacob] (from client BEBRU765CZ101 port 1 cli 00-16-6F-61-5E-09) eap.conf -------- eap { default_eap_type = tls timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no leap { } tls { CA_path = ${raddbdir}/certs/ check_crl = yes CA_file = ${raddbdir}/certs/CA.pem crl_file = ${raddbdir}/certs/crl.pem certificate_file = ${raddbdir}/certs/radius.pem private_key_file = ${raddbdir}/certs/radius.key dh_file = ${raddbdir}/certs/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes check_cert_cn = %{User-Name} } } I can't found any similar problem in the radius discussion. Thanks --- Cajt ------------------------------------------ http://search.atlas.cz/