I'm happy to be wrong about this, but in my experience, this parameter: -CApath ca.pem Needs to be an actual path, not a PEM CA file, where you have performed these steps: download certificate authority cert in PEM format run c_rehash . (openssl script) On Thu, May 15, 2008 at 10:37 AM, Avinash Patil <avinashapatil@gmail.com> wrote:
Hi All,
I am trying to use authenticate one embedded WLAN device with using freeRadius server 2.0.4
I have radiusd.conf,client.conf files as per my configuration. I have created certificates using bootstrap script.Values in ca.cnf,client.cnf and server.cnf have been modified accordingly.
I have copied ca.pem, client.pem to device filesystem.Private key has been extracted from client.pem.
Since last week I am trying to authenticate freeradius server but I am getting error like "Unknown CA". Please see attached radius logs.
When I verify client certificate using "openssl verify -CApath ca.pem client.pem" I see following error:
Error 20 at depth 0 lookup : unable to get local issuer certificate.
Device is already tested with Windows 2003 server's TLS(of course with different set of certificates :<) ) and it is working fine. What will be possible reason behind this and where am I going wrong?
Appreciate your help.
Thanks and Regards,
Avinash.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html