Hi Alan, Thank you for your response. I appreciate all the work you put into this project and your reply.
That's the root cause of the problem. You have a CA on the server, but haven't put the CA cert on the supplicant. > You MUST do that in order to get EAP-TLS to work.
See http://deployingradius.com/ for detailed instructions.
I've used your site, solely, as a resource to set up FreeRADIUS. I've also used the wiki, but your site seems to work best. Thank you for helping me interpret the output. I'll post back with my results. Much appreciated, Matthew On Fri, Aug 5, 2016 at 5:33 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Aug 4, 2016, at 11:12 PM, Matthew West <matthew.t.west@gmail.com> wrote:
Follow up to last e-mail. Needed to use a different cert chain and have uploaded that to the server. Tried to authorize again and got a similar error, below. It appears the output means that the handshake failed due to a self-signed certificate in the chain.
No. Please read *all* of the messages.
Thank you,
Matthew
[tls] Done initial handshake [tls] <<< TLS 1.0 Handshake [length 11fa], Certificate --> verify error:num=19:self signed certificate in certificate chain [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA
That's the root cause of the problem. You have a CA on the server, but haven't put the CA cert on the supplicant. You MUST do that in order to get EAP-TLS to work.
See http://deployingradius.com/ for detailed instructions.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html