I'm happy to be wrong about this, but in my experience, this parameter:

-CApath ca.pem

Needs to be an actual path, not a PEM CA file, where you have performed these steps:

download certificate authority cert in PEM format
run c_rehash . (openssl script)

On Thu, May 15, 2008 at 10:37 AM, Avinash Patil <avinashapatil@gmail.com> wrote:
Hi All,
 
I am trying to use authenticate one embedded WLAN device with using freeRadius server 2.0.4
 
I have radiusd.conf,client.conf files as per my configuration.
I have created certificates using bootstrap script.Values in ca.cnf,client.cnf and server.cnf have been modified accordingly.
 
I have copied ca.pem, client.pem to device filesystem.Private key has been extracted from client.pem.
 
Since last week I am trying to authenticate freeradius server but I am getting error like "Unknown CA".
Please see attached radius logs.
 
When I verify client certificate using "openssl verify -CApath ca.pem client.pem"
I see following error:
 
Error 20 at depth 0 lookup : unable to get local issuer certificate.
 
Device is already tested with Windows 2003 server's TLS(of course with different set of certificates :<) ) and it is working fine.
What will be possible reason behind this and where am I going wrong?
 
Appreciate your help.
 
Thanks and Regards,
 
Avinash.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html