validate server certificate fails
I have tested selfsing certificate, it works. I had to copy the ca.cert into windows client. Pretty much what this link describes. http://kirkkosinski.com/2012/10/securing-wi-fi-with-peap-and-freeradius-on-c... Now, i have signed certificate from our CA added into eap.conf then imported ca.pem into windows machine. 7 machine and try to authenticate, it always fails. but If I check off the validate server certificate on M$$$$$client machine it works. I have following in my eap.conf tls { certdir = ${confdir}/certs cadir = ${confdir}/certs private_key_file = ${certdir}/myhost.example.key certificate_file = ${certdir}/myhost.example.crt CA_file = ${certdir}/ca.pem dh_file = ${certdir}/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" } freeradius version is freeradius-2.1.10-5.el6.x86_64 and Red Hat Enterprise Linux Server release 6.1 This M$ is giving me nightmare :) any idea on this would be great
Thanks phil. I recreated whole certificate thing and placed in proper place. Now, it all worked. it was length size, which i reduce 2048 and no problem, if you do not specify with openssl request it uses RSA 4096 length which apple seem to be complaining. Thanks K On Thu, Nov 7, 2013 at 1:44 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 07/11/13 13:30, Khapare Joshi wrote:
any idea on this would be great
Make sure you have the intermediate certificates in "certificate_file" as well.
Make sure that the root certificate is actually present and trusted on the windows client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
participants (2)
-
Khapare Joshi -
Phil Mayers