XP won't authenticate with EAP TLS - log shows unknown_ca fatal error

Landon Cox freeradius at 360vl.com
Thu Aug 11 04:53:22 CEST 2005


On Aug 8, 2005, at 9:39 AM, Landon Cox wrote:
>
> I'm going to do some experiments later tonight and see if I can  
> isolate the success factor.

Back on this topic for a moment...some things I tried to see if I  
could break the configuration were:
     1) remove the certs from the /etc/ssl/certs directory, restart  
FR, no difference - still hooked up fine since the certs are also in  
raddb/certs.

I decided to generate a client cert for a Mac box and when I imported  
it into the Keychain of OS X, I noticed "This certificate is not yet  
valid".

I went back and looked at the output of the certificate generation  
and the "validity Not Before" gave a date/time stamp that was 1 hour  
in the future (my timezone setting was off by one hour).

But this made me wonder....was the unknown_ca problem caused by the  
CA cert having a "Not Valid Before" validity that was in the future  
from the real time when it was generated and then initially tested?

Is this a possible cause for an unknown_ca error?

Landon
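
One way to check the validity window described in the message above against the verifying machine's clock. This is an added example, not part of the original post; the sample `openssl x509 -noout -dates` output and the function names `parse_dates` and `validity_state` are constructed for illustration.

```python
import ssl

# Constructed sample: `openssl x509 -noout -dates` output for a certificate
# generated on a host whose clock ran one hour ahead of real time.
SAMPLE_DATES = """\
notBefore=Aug  8 16:39:00 2005 GMT
notAfter=Aug  8 16:39:00 2006 GMT
"""


def parse_dates(text):
    """Return (not_before, not_after) as epoch seconds from `-dates` output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("notBefore", "notAfter"):
            # cert_time_to_seconds parses OpenSSL's "Mon DD HH:MM:SS YYYY GMT"
            fields[key.strip()] = ssl.cert_time_to_seconds(value.strip())
    if len(fields) != 2:
        raise ValueError("expected notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]


def validity_state(text, now, skew=0):
    """Classify a certificate against the verifier's clock.

    now  -- verifier's current time, epoch seconds (UTC)
    skew -- clock error in seconds the caller chooses to tolerate
    """
    not_before, not_after = parse_dates(text)
    if now + skew < not_before:
        return "not yet valid (starts in %d s)" % (not_before - now)
    if now - skew > not_after:
        return "expired (%d s ago)" % (now - not_after)
    return "valid"


if __name__ == "__main__":
    # Real time at the moment of the first test: one hour before notBefore.
    real_now = ssl.cert_time_to_seconds("Aug  8 15:39:00 2005 GMT")
    print(validity_state(SAMPLE_DATES, real_now))
    print(validity_state(SAMPLE_DATES, real_now + 3600))
```

Run it on the dates of every certificate in the chain (CA, server and client), using the clock of the machine that performs the verification.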


