SV: Any Trusted CA problem

Torkel Mathisen torkel.mathisen at
Wed Feb 22 09:07:45 CET 2006

Alan DeKok wrote:
> "Torkel Mathisen" <torkel.mathisen at> wrote:
> > Anyway, here is the debug log and as you can see I get an unknown CA
> > error. However I got all certs in the correct location on the
> > freeradius server.
>   The issue isn't the server certificates.


> >   rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS
Alert read:fatal:unknown CA
> >     TLS_accept:failed in SSLv3 read client certificate A ...
>   The client certificate isn't signed by any CA that the RADIUS server
> knows about.
>   The solution is to not use client certificates for PEAP.  Or, to
> ensure that the CA cert that the server has is the one you used to
> sign the client certs.

I don't use client certificates I think. Atleast I haven't installed any
certificates on my clients.

So how can I fix that?  Just delete the client certificate from the
radius server ?


More information about the Freeradius-Users mailing list