SV: Any Trusted CA problem
Torkel Mathisen
torkel.mathisen at bbs.no
Wed Feb 22 09:07:45 CET 2006
Alan DeKok wrote:
> "Torkel Mathisen" <torkel.mathisen at bbs.no> wrote:
> > Anyway, here is the debug log and as you can see I get an unknown CA
> > error. However I got all certs in the correct location on the
> > freeradius server.
>
> The issue isn't the server certificates.
>
Ok.
> > rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS
Alert read:fatal:unknown CA
> > TLS_accept:failed in SSLv3 read client certificate A ...
>
> The client certificate isn't signed by any CA that the RADIUS server
> knows about.
>
> The solution is to not use client certificates for PEAP. Or, to
> ensure that the CA cert that the server has is the one you used to
> sign the client certs.
I don't use client certificates I think. Atleast I haven't installed any
certificates on my clients.
So how can I fix that? Just delete the client certificate from the
radius server ?
Regards,
Torkel
More information about the Freeradius-Users
mailing list