Re: Certificate Compatibility
Hi Ben, I am confused. If the certificate is incorrect, then what is this?
[ttls] (other): SSL negotiation finished successfully SSL Connection Established
But I will review to be sure.
If you are getting this error: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0xf2937007f695654f did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Then the SM doesn't like something about the server certificate. So somewhere along the way your certs are not right. Or I believe if the time on the AP is not correct you will also encounter this error, but I don't remember for sure. Either you don't have the correct CA cert imported on the SM, your server certificate is not signed by the CA cert you have imported on the SM, or you are not using the right certs on the server. Something isn't matching up. You need three pieces: CA Cert on server Server Cert signed by CA cert on server CA Cert on SM Somewhere those pieces aren't right. Ben On Wed, Mar 30, 2011 at 11:16 AM, Jim Rice <jmrice6640@yahoo.com> wrote:
Hi Ben,
I am confused. If the certificate is incorrect, then what is this?
[ttls] (other): SSL negotiation finished successfully SSL Connection Established
But I will review to be sure.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Ben, I really appreciate you taking the time to help me with this. Thanks! I believe that I have those three pieces installed. I discovered that I had specified server.pem for the private_key_file in eap.conf. Changed that to server.key, but ended with the same results. I wonder what else I might need to fix in the eap.conf file. I'm still not really sure how EAP_TLS and EAP_TTLS fit together... Perhaps a few more miles on the doc treadmill and I will graduate from the ranks of clueless newbie, and ask more intelligent questions. Thanks again for your patience. Jim
On 03/30/2011 01:49 PM, Jim Rice wrote:
I discovered that I had specified server.pem for the private_key_file in eap.conf. Changed that to server.key, but ended with the same results.
I trust you're restarting the server after making configuration changes. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/
participants (3)
-
Ben Wiechman -
Jim Rice -
John Dennis