OpenCA Certificates Problem with EAP_TLS
pablo at mondedeu.com
Wed Jul 13 12:32:29 CEST 2005
I’m sending this e-mail to ask about a problem with certificates
generated by OpenCA and used with FreeRadius. My problem is similar to
the one that Tom Tim had using EAP_TLS and the same type of CA. From
what I’ve read, the solution was to export the certificates as pcks12
and then convert them to pem with openssl. At first, I made the EAP_TLS
work using the test certificates. I had no problem doing this. However,
when I used mine, things did not go so well ?.
I have tried using the Radius Server Certificate, using two different
types: TLS WEB SERVER and VPN SERVER. Also, I have tried using that of
the client, such as TLS WEB CLIENT.
I have converted them using 2 different methods:
1. openssl pkcs12 -in cert.p12 -out cert.pem (This seems to be similar
2. openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem
openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem (These are similar
to the one above, except that they are separated.)
To confirm this, I looked at the certificates with openssl x509 -in
cert.pem –text, and it appears that everything is correct.
I have attached the log given by the FreeRadius. The server never sends
the Accept-Access, but it doesn’t give many clues as to what is
happening either, except: TLS_accept:error in SSLv3 read client
I hope that someone is able to help me out with this, I am a bit
frustrated with it and I need to get it up and running.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Freeradius-Users