检查一下时间系统,要求在证书的有效期内
CA的事情有点难说,你再检查下配置

On Thu, May 13, 2010 at 10:53 AM, Zheng, Jiajia <jiajia.zheng@intel.com> wrote:
Alan DeKok wrote:
> Zheng, Jiajia wrote:
>>> 11. EAP-TLS failed, see the attached tls.log for the output of
>>> radiusd Could you help me out on this issue?
>
>   Paste the debug output into the "self-help" form at:
>
> http://networkradius.com/freeradius.html
>
>   Look for red text.
>
>>> Is there anything I did wrong? Let me know if you need more
>>> debugging info.
>
>   The debug log already shows everything you need to know.
>
>   The CA used by the client is *not* the same as the CA used by the
> server.
>
Yes, from the debug log, we can tell that the CA is wrong.
But as I mentioned that the same CA works fine with EAP-TTLS. Why it goes wrong with EAP-TLS?
Here is my configure file for EAP-TTLS which works.
WPA_EAP_TTLS_CHAP.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
ssid="ASUS-2.4G"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TTLS
identity="root"
password="wireless"
ca_cert="./ca.pem"
phase2="auth=CHAP"
}
Here is my configure file for EAP-TLS which fails authentication.
WPA_EAP_TLS.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
ssid="ASUS-2.4G"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TLS
identity="root"
ca_cert="./ca.pem"
client_cert="./client.pem"
private_key="./client.pem"
private_key_passwd="whatever"
}

The client.pem used by client was also copied from server.
Is there anything wrong with my configure file? I also attached the *.pem.

Thanks,
jiajia
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html