Alan DeKok wrote:
"Torkel Mathisen" <torkel.mathisen@bbs.no> wrote:
Anyway, here is the debug log and as you can see I get an unknown CA error. However I got all certs in the correct location on the freeradius server.
The issue isn't the server certificates.
Ok.
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A ...
The client certificate isn't signed by any CA that the RADIUS server knows about.
The solution is to not use client certificates for PEAP. Or, to ensure that the CA cert that the server has is the one you used to sign the client certs.
I don't use client certificates I think. Atleast I haven't installed any certificates on my clients. So how can I fix that? Just delete the client certificate from the radius server ? Regards, Torkel