XP won't authenticate with EAP TLS - log shows unknown_ca fatal error
Landon Cox
freeradius at 360vl.com
Thu Aug 11 04:53:22 CEST 2005
On Aug 8, 2005, at 9:39 AM, Landon Cox wrote:
>
> I'm going to do some experiments later tonight and see if I can
> isolate the success factor.
Back on this topic for a moment...some things I tried to see if I
could break the configuration were:
1) remove the certs from the /etc/ssl/certs directory, restart
FR, no difference - still hooked up fine since the certs are also in
raddb/certs.
I decided to generate a client cert for a Mac box and when I imported
it into the Keychain of OS X, I noticed "This certificate is not yet
valid".
I went back and looked at the output of the certificate generation
and the "validity Not Before" gave a date/time stamp that was 1 hour
future (my timezone setting was off by one hour.)
But this made me wonder....was the unknown_ca problem caused by the
CA cert having a "Not Valid Before" validity that was in the future
from the real time when it was generated and then initially tested?
Is this a possible cause for an unknown_ca error?
Landon
More information about the Freeradius-Users
mailing list