(4) eap_tls: ERROR: TLS Alert write:fatal:unexpected_message
mike at guruce.com
Thu Apr 15 07:08:42 CEST 2021
> I'd grab the v3.0.x branch from GitHub. I've gone through the TLS messages, and cleaned them up a LOT.
I'm running freeradius3 on a freebsd RPI2. "pkg info freeradius3" shows:
Name : freeradius3
Version : 3.0.21_1
Installed on : Fri Nov 1 18:36:16 2019 NZDT
Origin : net/freeradius3
Do I need a later version, and if yes; how do I get that? I'm a n00b
when it comes to freebsd...
> How did you create the certs? FreeRADIUS has scripts in raddb/scripts which work. Doing it yourself might work, or might not.
By following the instructions in raddb/certs/README. Here's what I did
Open an SSH terminal to the server. Login with un/pw freebsd/freebsd,
then switch to root using “su root”.
In the SSH terminal, execute:
Now change folder into the time zone grouping folder, eg “CET”,
cd Pacific ls -l
Pick the correct time zone for your location from the list (in this
example Pacific/Auckland), and execute:
cp /usr/share/zoneinfo/Pacific/Auckland /etc/localtime
Now set the date and time (in this example we set 16 Feb 2021, 15:00,
format is yymmddHHmm):
Execute “date” without any parameters to check if the time zone, date
and time is set correctly:
Tue Feb 16 15:00:24 NZDT 2021
Now we can (re)generate the certificates by executing the following
cp -ipv * bak
rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*
The above commands first copy the existing certificate files to a folder
“bak” under the certs folder, so that we can always go back to the
originals if we have to. It then removes all existing certificate files
and creates new certificate files with the correct date and time.
Please let me know if I missed a step or you see anything wrong here...
More information about the Freeradius-Devel