Alan DeKok wrote:
William Hegardt wrote:
EAP-TLS authentication fails with the "fatal unknown ca" message.
The server cert may need to be marked with "CA:true"
If I hack the Makefile like Sergio mentioned last month to sign the client certificate with the CA key, then authentication succeeds.
That can work, too.
I'd really like to understand what's wrong. Could wpa_supplicant be somehow incompatible with the bootstrap certificate chain?
It's OpenSSL on both ends. wpa_supplicant && FreeRADIUS are just wrappers to get the SSL data back and forth.
Pardon me if I've missed something, but as far as I can tell the server cert isn't authorised to sign client certs, so I can't see how it could work. The CA can sign client certs. -- REALITY.SYS not found: Universe halted.