You have three possible issues.

1). You need to chain all of the certs into one file.

2). MS requires that the cert have a "special purpose".  This is documented and needs to be included in the CSR.  BS, but that's MS for you.

3). MS might not like wild cards.  Not sure about this but it may be an issue.  Easy enough to test.  If 1 and 2 don't work, try with a non-wildcard cert +1 and 2.  Post your results so we can all learn from it.

Carl Peterson



On Sep 14, 2012, at 10:44 AM, Tyller D <tyllerd@gmail.com> wrote:



On Fri, Sep 14, 2012 at 4:07 PM, Alan DeKok <aland@deployingradius.com> wrote:
Tyller D wrote:
> I have everything configured and working when I disabled "validate
> server Certificate" on windows.
> I have a wildcard certificate purchased from godaddy.com.

  I'm not sure that will work.
 
Is there a reason for that? Godaddy is in the list of servers to validate against?

 
> I had a problem when using it with apache as I had to add the
> intermediate chain in the config but can't find a place to do that in
> FreeRaius.

  You should have the CA cert, and all of the certs leading to the
server certificate.

Correct, I do. But which one do add as "certificate_file" in eap.conf?
 

> When Auth fails because of validation then I get this in Freeradius debug

  So... did you read eap.conf, and configure the certificates as
documented there?


Are you referring to this?

  - Windows requires the root certificates to be on the client PC.
    If it doesn't have them, you will see the same issue as above.

I'm just guessing but it seems like that would be the cause.

 
> Is there something that I can do to get this to work?

  Read the documentation?

My question is, all the certificates leading to the  server certifcate - where do I add them?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html