Certificate chain - 1 intermediate CA cert(s) untrusted
Hello, I have the following problem. I configured freeradius to use EAP-TLS and it works. Create the certificates with the script inside the certificates folder. The problem is that when a client connects the following error appears: Certificate chain - 1 intermediate CA cert(s) untrusted To forbid these certificates see 'reject_unknown_intermediate_ca' (TLS) untrusted certificate with depth [1] subject name /C=AR/ST=Buenos Aires/L=Virreyes/O=Lotech/emailAddress=22@gmail.com/CN=CA-FREERADIUS (TLS) untrusted certificate with depth [0] subject name /C=AR/ST=Buenos Aires/O=Lotech/CN=11@gmail.com/emailAddress=11@gmail.com I don't use intermediate AC. I ran c_rehash inside the certs folder. The certificates correctly point to the CA file. rivate_key_password = loli private_key_file = ${certdir}/server.key certificate_file = ${certdir}/server.pem ca_file = /etc/freeradius/certs/ca.pem ca_path = ${cadir} I run openssl verify with the client and server certificates and it says OK. Freeradius is installed on Ununtu 24.04. The version of openssl is: OpenSSL 3.0.13 Jan 30, 2024 (Library: OpenSSL 3.0.13 Jan 30, 2024) If anyone can help me, I appreciate it. Greetings and thanks.
No solution yet. Same problem #1: https://lists.freeradius.org/pipermail/freeradius-users/2024-November/104940... Same problem #2: https://lists.freeradius.org/pipermail/freeradius-users/2023-August/103398.h... Same problem #3: https://github.com/FreeRADIUS/freeradius-server/issues/5273 OpenSSL says It's FreeRADIUS problem ( https://groups.google.com/a/openssl.org/g/openssl-users/c/qfLesr8bw_w ) FreeRADIUS says It's OpenSSL problem On 2024-11-09 00:08, Rodrigo Prieto wrote:
Hello, I have the following problem. I configured freeradius to use EAP-TLS and it works. Create the certificates with the script inside the certificates folder. The problem is that when a client connects the following error appears:
Certificate chain - 1 intermediate CA cert(s) untrusted To forbid these certificates see 'reject_unknown_intermediate_ca' (TLS) untrusted certificate with depth [1] subject name /C=AR/ST=Buenos Aires/L=Virreyes/O=Lotech/emailAddress=22@gmail.com/CN=CA-FREERADIUS (TLS) untrusted certificate with depth [0] subject name /C=AR/ST=Buenos Aires/O=Lotech/CN=11@gmail.com/emailAddress=11@gmail.com
I don't use intermediate AC. I ran c_rehash inside the certs folder.
The certificates correctly point to the CA file. rivate_key_password = loli private_key_file = ${certdir}/server.key certificate_file = ${certdir}/server.pem ca_file = /etc/freeradius/certs/ca.pem ca_path = ${cadir}
I run openssl verify with the client and server certificates and it says OK.
Freeradius is installed on Ununtu 24.04. The version of openssl is: OpenSSL 3.0.13 Jan 30, 2024 (Library: OpenSSL 3.0.13 Jan 30, 2024)
If anyone can help me, I appreciate it. Greetings and thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for responding. I will be attentive to see if they find a solution. Can I ask another question in this thread or do I create a new one? Thanks again. El sáb., 9 de noviembre de 2024 09:44, Alexey D. Filimonov < alexey@filimonic.net> escribió:
No solution yet.
Same problem #1:
https://lists.freeradius.org/pipermail/freeradius-users/2024-November/104940... Same problem #2:
https://lists.freeradius.org/pipermail/freeradius-users/2023-August/103398.h... Same problem #3: https://github.com/FreeRADIUS/freeradius-server/issues/5273
OpenSSL says It's FreeRADIUS problem ( https://groups.google.com/a/openssl.org/g/openssl-users/c/qfLesr8bw_w ) FreeRADIUS says It's OpenSSL problem
Hello, I have the following problem. I configured freeradius to use EAP-TLS and it works. Create the certificates with the script inside the certificates folder. The problem is that when a client connects the following error appears:
Certificate chain - 1 intermediate CA cert(s) untrusted To forbid these certificates see 'reject_unknown_intermediate_ca' (TLS) untrusted certificate with depth [1] subject name /C=AR/ST=Buenos Aires/L=Virreyes/O=Lotech/emailAddress=22@gmail.com/CN=CA-FREERADIUS (TLS) untrusted certificate with depth [0] subject name /C=AR/ST=Buenos Aires/O=Lotech/CN=11@gmail.com/emailAddress=11@gmail.com
I don't use intermediate AC. I ran c_rehash inside the certs folder.
The certificates correctly point to the CA file. rivate_key_password = loli private_key_file = ${certdir}/server.key certificate_file = ${certdir}/server.pem ca_file = /etc/freeradius/certs/ca.pem ca_path = ${cadir}
I run openssl verify with the client and server certificates and it says OK.
Freeradius is installed on Ununtu 24.04. The version of openssl is: OpenSSL 3.0.13 Jan 30, 2024 (Library: OpenSSL 3.0.13 Jan 30, 2024)
If anyone can help me, I appreciate it. Greetings and thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 2024-11-09 00:08, Rodrigo Prieto wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If it is not related to this thread, then you should create a new thread. On 2024-11-09 15:53, Rodrigo Prieto wrote:
Thanks for responding. I will be attentive to see if they find a solution. Can I ask another question in this thread or do I create a new one? Thanks again.
El sáb., 9 de noviembre de 2024 09:44, Alexey D. Filimonov < alexey@filimonic.net> escribió:
No solution yet.
Same problem #1:
https://lists.freeradius.org/pipermail/freeradius-users/2024-November/104940... Same problem #2:
https://lists.freeradius.org/pipermail/freeradius-users/2023-August/103398.h... Same problem #3: https://github.com/FreeRADIUS/freeradius-server/issues/5273
OpenSSL says It's FreeRADIUS problem ( https://groups.google.com/a/openssl.org/g/openssl-users/c/qfLesr8bw_w ) FreeRADIUS says It's OpenSSL problem
Hello, I have the following problem. I configured freeradius to use EAP-TLS and it works. Create the certificates with the script inside the certificates folder. The problem is that when a client connects the following error appears:
Certificate chain - 1 intermediate CA cert(s) untrusted To forbid these certificates see 'reject_unknown_intermediate_ca' (TLS) untrusted certificate with depth [1] subject name /C=AR/ST=Buenos Aires/L=Virreyes/O=Lotech/emailAddress=22@gmail.com/CN=CA-FREERADIUS (TLS) untrusted certificate with depth [0] subject name /C=AR/ST=Buenos Aires/O=Lotech/CN=11@gmail.com/emailAddress=11@gmail.com
I don't use intermediate AC. I ran c_rehash inside the certs folder.
The certificates correctly point to the CA file. rivate_key_password = loli private_key_file = ${certdir}/server.key certificate_file = ${certdir}/server.pem ca_file = /etc/freeradius/certs/ca.pem ca_path = ${cadir}
I run openssl verify with the client and server certificates and it says OK. Freeradius is installed on Ununtu 24.04. The version of openssl is: OpenSSL 3.0.13 Jan 30, 2024 (Library: OpenSSL 3.0.13 Jan 30, 2024)
If anyone can help me, I appreciate it. Greetings and thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 2024-11-09 00:08, Rodrigo Prieto wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alexey D. Filimonov -
Rodrigo Prieto