Problem with EAP TLS authentication in Freeradius
Hi, Iam using Freeeadius 2.1.0. The setup is working fine with EAP-TTLS, PEAP method.But for EAP TLS, it gives the below error.. Please let me know how to solve.. [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Regards Senthil
Iam using Freeeadius 2.1.0. The setup is working fine with EAP-TTLS, PEAP method.But for EAP TLS, it gives the below error.. Please let me know how to solve..
[eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user.
Well, post the rest of the debug. Ivan Kalik
Hi All, Below is the complete Log.. Please let me know how to solve/debug it.. Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 4991, id=2, length=144 User-Name = "maemo" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0023692c6f74" Calling-Station-Id = "0026cc77eec0" NAS-Identifier = "0023692c6f74" NAS-Port = 25 Framed-MTU = 1400 State = 0x45582910465c24fb98a2f4e05021adb4 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204000d0d001503010002012a Message-Authenticator = 0x931254661785b3d79fa3b2f098878921 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "maemo", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated [files] users: Matched entry maemo at line 75 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] eaptls_verify returned 7 [tls] Done initial handshake [tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate TLS Alert read:warning:bad certificate [tls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode SSL Application Data TLS failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> maemo attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 4 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 4993, id=2, length=126 User-Name = "maemo" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0023692c6f74" Calling-Station-Id = "0026cc77eec0" NAS-Identifier = "0023692c6f74" NAS-Port = 25 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204000d0d001503010002020a Message-Authenticator = 0x59f824b9b0758f49f85a716af1c7654f +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "maemo", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated [files] users: Matched entry maemo at line 75 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request [eap] Failed in handler ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> maemo attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 4 Sending Access-Reject of id 2 to 192.168.1.1 port 4991 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Sending delayed reject for request 5 Sending Access-Reject of id 2 to 192.168.1.1 port 4993 Waking up in 3.9 seconds. Cleaning up request 0 ID 2 with timestamp +364 Cleaning up request 1 ID 2 with timestamp +364 Cleaning up request 2 ID 2 with timestamp +364 Cleaning up request 3 ID 2 with timestamp +364 Waking up in 1.0 seconds. Cleaning up request 4 ID 2 with timestamp +364 Cleaning up request 5 ID 2 with timestamp +364 Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.1 port 1124, id=2, length=123 User-Name = "maemo" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0023692c6f74" Calling-Station-Id = "0026cc77eec0" NAS-Identifier = "0023692c6f74" NAS-Port = 25 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000a016d61656d6f Message-Authenticator = 0x596ea2d6b93bd2f361c9eeb9553a4df9 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "maemo", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated [files] users: Matched entry maemo at line 75 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Requiring client certificate [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.1.1 port 1124 EAP-Message = 0x010100060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7ff998ab7fe9479079512a41db6a682 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1126, id=2, length=201 User-Name = "maemo" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0023692c6f74" Calling-Station-Id = "0026cc77eec0" NAS-Identifier = "0023692c6f74" NAS-Port = 25 Framed-MTU = 1400 State = 0xb7ff998ab7fe9479079512a41db6a682 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100460d800000003c16030100370100003303014b0fe11b9b2b971ae0f083c8e265b1c3eb9dd17dcfa50b25082390340290479100000c000a002f00160033000400050100 Message-Authenticator = 0xb09ee3ebd234b03184c8ec0c658ed6bf +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "maemo", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 70 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated [files] users: Matched entry maemo at line 75 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS TLS Length 60 [tls] Length Included [tls] eaptls_verify returned 11 [tls] (other): before/accept initialization [tls] TLS_accept: before/accept initialization [tls] <<< TLS 1.0 Handshake [length 0037], ClientHello [tls] TLS_accept: SSLv3 read client hello A [tls] >>> TLS 1.0 Handshake [length 002a], ServerHello [tls] TLS_accept: SSLv3 write server hello A [tls] >>> TLS 1.0 Handshake [length 085e], Certificate [tls] TLS_accept: SSLv3 write certificate A [tls] >>> TLS 1.0 Handshake [length 00a6], CertificateRequest [tls] TLS_accept: SSLv3 write certificate request A [tls] TLS_accept: SSLv3 flush data [tls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.1.1 port 1126 EAP-Message = 0x010204000dc00000093d160301002a0200002603014b0fe155017cb13e0d7e3188e182d6298fad1b95261e1468b64f7a9d76c5b6ae00000a00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039313132373133343535315a170d3130313132373133343535315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b5f42282a7ad26e7add58c56b8d067a8021163ec76f07905ccc83358dedd901d243aa84ce7a023244f8ed5debcbc684a5d0bd4c0b5d805b4d7c1d95c59ae EAP-Message = 0x7bacb059dd02f424d0830c020fb750d0bf63640bf6ff33dfba1783f6b876971f8a9b8a26a455910752e7759ab1a0a34b6b302b6d3b7350528412b3f3de7f76cf72a43329c1c007619225088f55d64b6299c15813844eeb92c072b1cb16774da3b8aabd68b6b816ffcb4e4792c3e75303ebcc9a4ae2b12bafbd6ec0c9ea43c74b6b0b52bd0a82da57d4943cbb1511bc740f7ea1a9a651a60fe01c5bda629eaaaa54cab99f4f59af1e27f98b550cc9e4a302caf67156bd43d8de838c564f00968e90250203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100a4c8d73c140f7728b4 EAP-Message = 0x6ea406b638fd84d9c291c401a750d3d3cdf3f4fce08174898c4aa6bc910a56b18a25fe8a966af33301735d61d54fe4d880f1085b7cce5454ef911f70054c5b3a8b457a83f4a13237fad33d7170e050b8ab27b7985bb05f24d1c5eb05a9fadaeaef5b36f6030f48bc6cd0b63057268a7ce4f30a3bde455e72328c9fe3db94b52c3d89e9f36331622ae72168934222e87d5449ef93260a7d2684c87ee32815d6642e43488f145ecb43c3e2c5fb6532d1efbb68b284bc40c849092ee0535c408bf5faecc5cb4ce11281acd956cb5d1b928d3326295779cf711889839d023086837abc12f17aa6ad833424948dfddf16b062f3faa217f9c7910004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7ff998ab6fd9479079512a41db6a682 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1128, id=2, length=137 User-Name = "maemo" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0023692c6f74" Calling-Station-Id = "0026cc77eec0" NAS-Identifier = "0023692c6f74" NAS-Port = 25 Framed-MTU = 1400 State = 0xb7ff998ab6fd9479079512a41db6a682 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200060d00 Message-Authenticator = 0x911a331308f2f9fd3be12ee936f776f5 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "maemo", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated [files] users: Matched entry maemo at line 75 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.1.1 port 1128 EAP-Message = 0x010304000dc00000093d0095e43783392a6bb0300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313132373133343535315a170d3039313232373133343535315a308193310b3009060355040613024652310f300d0603550408130652616469757331123010 EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c71510fb96ae45b7c0defedb61039780769de388326a8ac6e27b2158153c3e09df28261e2dce422bbc881d23845b76e7180b511fa77969e6174d649e47257700e6d8aff27f82b644d748a0b99d171153ee2e305cbff0ae7c5790da2b0bfef791e8c0017f45b348ba2333e5 EAP-Message = 0xe2f50d6fe9536b45fda6ff9c5e0497452fb99f2ca9ed8f0453443a84b77dd266ae23c160a0cea139267375e15a4b16d14e4aa202caf20bf36d251f67d6685f3d9f1de5114317a17795682ee7a7b03583b6ff626eff4bcd9ed5dd49cd86df98dc4f9a5f7a24bb4176c24cd4806c6a2289bd96c3658fc560546dce827958ae4c096365b926077f76b50bf38108fd9cc5a47e0eed5a110203010001a381fb3081f8301d0603551d0e04160414d3935489ab4f4373f5161ef642c209bdd72034af3081c80603551d230481c03081bd8014d3935489ab4f4373f5161ef642c209bdd72034afa18199a48196308193310b3009060355040613024652310f300d EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090095e43783392a6bb0300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100b86a415d22a869fe7e01ea5f3924948b764cd64851af682ad8e6ac9cea0678288b35517d6ce5602bea997da1d634382c8a758471bd9daccf171936c01d7f0794b9d25421194122ce7b314b9d51a9 EAP-Message = 0xa44ce5af9d6e5dbf8393869a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7ff998ab5fc9479079512a41db6a682 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1130, id=2, length=137 User-Name = "maemo" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0023692c6f74" Calling-Station-Id = "0026cc77eec0" NAS-Identifier = "0023692c6f74" NAS-Port = 25 Framed-MTU = 1400 State = 0xb7ff998ab5fc9479079512a41db6a682 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300060d00 Message-Authenticator = 0x1fc93a49fa023f01c0f9a4edc81dade5 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "maemo", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated [files] users: Matched entry maemo at line 75 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.1.1 port 1130 EAP-Message = 0x0104015b0d800000093d4c37042760e6a3747d76641ca50d3d74b25f2169f2273d2c5e019dfd7161e4cb332270b9b0663f3f088a13f53d7e93157d1fc714658fdc17ac94705acd45fbb8e99683082f33d790c4adcbea80070408d663543930891d13f3247cc5f8b2b502b2ad06c4aa70c206c9f46f7e22ae3a70f16fcd57e7af707e5bdd73776585f148cf882cd012a36388c6734ab3e3bea7a5e9a3f8425fc4fa9dca9c115880ecc85645b379b7089d16030100a60d00009e0301024000980096308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355 EAP-Message = 0x040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f726974790e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7ff998ab4fb9479079512a41db6a682 Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1132, id=2, length=144 User-Name = "maemo" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0023692c6f74" Calling-Station-Id = "0026cc77eec0" NAS-Identifier = "0023692c6f74" NAS-Port = 25 Framed-MTU = 1400 State = 0xb7ff998ab4fb9479079512a41db6a682 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204000d0d001503010002012a Message-Authenticator = 0x776adf5edd8baebf1b09946d8e255b93 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "maemo", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated [files] users: Matched entry maemo at line 75 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] eaptls_verify returned 7 [tls] Done initial handshake [tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate TLS Alert read:warning:bad certificate [tls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode SSL Application Data TLS failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> maemo attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 10 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1134, id=2, length=126 User-Name = "maemo" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "0023692c6f74" Calling-Station-Id = "0026cc77eec0" NAS-Identifier = "0023692c6f74" NAS-Port = 25 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204000d0d001503010002020a Message-Authenticator = 0xc0da70e5e3e25e34c5729fe4f3b06799 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "maemo", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated [files] users: Matched entry maemo at line 75 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request [eap] Failed in handler ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> maemo attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 11 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 10 Sending Access-Reject of id 2 to 192.168.1.1 port 1132 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Sending delayed reject for request 11 Sending Access-Reject of id 2 to 192.168.1.1 port 1134 Waking up in 3.9 seconds. Cleaning up request 6 ID 2 with timestamp +1200 Cleaning up request 7 ID 2 with timestamp +1200 Cleaning up request 8 ID 2 with timestamp +1200 Cleaning up request 9 ID 2 with timestamp +1200 Waking up in 1.0 seconds. Cleaning up request 10 ID 2 with timestamp +1200 Cleaning up request 11 ID 2 with timestamp +1200 Ready to process requests. On Sat, Dec 5, 2009 at 7:24 PM, <tnt@kalik.net> wrote:
Iam using Freeeadius 2.1.0. The setup is working fine with EAP-TTLS, PEAP method.But for EAP TLS, it gives the below error.. Please let me know how to solve..
[eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user.
Well, post the rest of the debug.
Ivan Kalik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Regards Senthil
Below is the complete Log.. Please let me know how to solve/debug it..
[tls] Done initial handshake
[tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate
TLS Alert read:warning:bad certificate
It's adifferent error. Quite clear what is wrong. Did you try to alter Makefile yourself? If you don't know how to do it, try the Makefile from 2.1.8-pre or wait a few days for 2.1.8 release which will have client certificates signed by ca. Ivan Kalik
Where I could get the "makefile" v.2.1.8-pre.... Probably it also solves the problem that I have. regards, Fernando. tnt@kalik.net wrote:
Below is the complete Log.. Please let me know how to solve/debug it..
[tls] Done initial handshake
[tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate
TLS Alert read:warning:bad certificate
It's adifferent error. Quite clear what is wrong. Did you try to alter Makefile yourself? If you don't know how to do it, try the Makefile from 2.1.8-pre or wait a few days for 2.1.8 release which will have client certificates signed by ca.
Ivan Kalik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fernando Calvelo Vazquez wrote:
Where I could get the "makefile" v.2.1.8-pre.... Probably it also solves the problem that I have.
http://git.freeradius.org/pre/ Alan DeKok.
Where I could get the "makefile" v.2.1.8-pre.... Probably it also solves the problem that I have.
Get the whole thing and take what you want: http://git.freeradius.org/pre/ Ivan Kalik
Actually I copied the file from /usr/share/doc/freeradius/examples/certs folder But I didnt change any in MAKE file Is there anyother way to debug it??? On Tue, Dec 8, 2009 at 3:40 AM, <tnt@kalik.net> wrote:
Below is the complete Log.. Please let me know how to solve/debug it..
[tls] Done initial handshake
[tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate
TLS Alert read:warning:bad certificate
It's adifferent error. Quite clear what is wrong. Did you try to alter Makefile yourself? If you don't know how to do it, try the Makefile from 2.1.8-pre or wait a few days for 2.1.8 release which will have client certificates signed by ca.
Ivan Kalik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- "Adversity always presents opportunity for Introspection" Regards Senthil
Actually I copied the file from /usr/share/doc/freeradius/examples/certs folder But I didnt change any in MAKE file
From which version? 2.1.7 or 2.1.8? 2.1.8 has the new Makefile which signs client certificates with ca certificate.
Is there anyother way to debug it???
That's openSSL stuff. Ask them. Ivan Kalik
Hi I have copied MAKE file from the 2.1.8 pre version.But not able to generate certificates. When I try to run ./bootstrap , it throws error related to MAKE.in file Please let me know the procedure to generate a certificate. Regards Senthil On Wed, Dec 9, 2009 at 1:00 AM, <tnt@kalik.net> wrote:
Actually I copied the file from /usr/share/doc/freeradius/examples/certs folder But I didnt change any in MAKE file
From which version? 2.1.7 or 2.1.8? 2.1.8 has the new Makefile which signs client certificates with ca certificate.
Is there anyother way to debug it???
That's openSSL stuff. Ask them.
Ivan Kalik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- "Adversity always presents opportunity for Introspection" Regards Senthil
participants (4)
-
Alan DeKok -
Fernando Calvelo Vazquez -
senthil kumar -
tnt@kalik.net