Hi Landon, I think this piece from the log is suspicious:
rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 02ab], Certificate --> verify error:num=18:self signed certificate chain-depth=0, error=18 --> User-Name = 360VL --> BUF-Name = 360VL --> subject = /C=US/ST=Colorado/L=Colorado Springs/O=360VL Incorporated/CN=360VL/emailAddress=emailwithheld --> issuer = /C=US/ST=Colorado/L=Colorado Springs/O=360VL Incorporated/CN=360VL/emailAddress=emailwithheld --> verify return:0 rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
I think the problem is the user certificate that you imported into XP is "self-signed". What you need to do is use openssl to create a certificate request (using openssl req ...) and then sign that request using the CA (using openssl ca). Then package up the user key and signed user cert into the pkcs#12 envelope (using openssl pkcs12). Finally import into XP. I looked at the instructions for certificate generation in the linux format article and they look OK. Make sure you did not miss a step or use the wrong command somewhere. As to using a password for the pkcs#12 envelope, go ahead and use it. When you import the pkcs#12 file into XP, it will just ask for it, and you enter it, and that should be it. Hope that helps. Michael