(4) eap_tls: ERROR: TLS Alert write:fatal:unexpected_message
Michel Verhagen
mike at guruce.com
Thu Apr 15 07:08:42 CEST 2021
Thanks Alan,
> I'd grab the v3.0.x branch from GitHub. I've gone through the TLS messages, and cleaned them up a LOT.
I'm running freeradius3 on a freebsd RPI2. "pkg info freeradius3" shows:
Name : freeradius3
Version : 3.0.21_1
Installed on : Fri Nov 1 18:36:16 2019 NZDT
Origin : net/freeradius3
Do I need a later version, and if yes, how do I get that? I'm a n00b
when it comes to freebsd...
> How did you create the certs? FreeRADIUS has scripts in raddb/scripts which work. Doing it yourself might work, or might not.
By following the instructions in raddb/certs/README. Here's what I did
exactly:
Open an SSH terminal to the server. Log in with un/pw freebsd/freebsd,
then switch to root using “su root”.
In the SSH terminal, execute:
cd /usr/share/zoneinfo
ls -l
Now change folder into the time zone grouping folder, eg “CET”,
“Pacific”, etc.:
cd Pacific
ls -l
Pick the correct time zone for your location from the list (in this
example Pacific/Auckland), and execute:
cp /usr/share/zoneinfo/Pacific/Auckland /etc/localtime
Now set the date and time (in this example we set 16 Feb 2021, 15:00,
format is yymmddHHmm):
date 2102161500
Execute “date” without any parameters to check if the time zone, date
and time are set correctly:
Tue Feb 16 15:00:24 NZDT 2021
Now we can (re)generate the certificates by executing the following
commands:
cd /usr/local/etc/raddb/certs
mkdir bak
cp -ipv * bak
rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*
./bootstrap
The above commands first copy the existing certificate files to a folder
“bak” under the certs folder, so that we can always go back to the
originals if we have to. It then removes all existing certificate files
and creates new certificate files with the correct date and time.
Please let me know if I missed a step or you see anything wrong here...
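
Added example, not part of the original post and not FreeRADIUS project code: a check to run after ./bootstrap that prints each certificate's validity window next to the system clock and verifies it against the CA. The file names ca.pem and server.pem and the function name check_radius_certs are assumptions; the post only names the certs directory.

```sh
#!/bin/sh
# Added example: sanity-check the certificates produced by ./bootstrap.
# Assumption: the certs directory contains ca.pem and server.pem.

check_radius_certs() {
    dir=$1
    rc=0
    echo "System clock: $(date -u)"
    for f in ca.pem server.pem; do
        cert="$dir/$f"
        if [ ! -r "$cert" ]; then
            echo "MISSING  $cert"
            rc=1
            continue
        fi
        # Show the validity window so it can be compared with the clock above.
        openssl x509 -in "$cert" -noout -subject -startdate -enddate
        # "openssl verify" checks the signature chain up to ca.pem and that the
        # current time lies inside notBefore..notAfter, so it also flags
        # certificates generated while the clock was wrong.
        if openssl verify -CAfile "$dir/ca.pem" "$cert" >/dev/null 2>&1; then
            echo "OK       $cert"
        else
            echo "FAILED   $cert"
            openssl verify -CAfile "$dir/ca.pem" "$cert" 2>&1 | sed 's/^/         /'
            rc=1
        fi
    done
    return $rc
}

# Run against a directory given on the command line,
# e.g. sh check_certs.sh /usr/local/etc/raddb/certs
if [ $# -gt 0 ]; then
    check_radius_certs "$1"
fi
```

A non-zero exit status means a file is missing, the server certificate does not chain to ca.pem, or the current time is outside a certificate's validity window.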