Client certs with MSCHAPV2 in PEAP
Alan DeKok
aland at ox.org
Wed Feb 22 23:44:34 CET 2006
"Dave Huff" <dbhuff at yahoo.com> wrote:
> rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal
> certificate_unknown
> TLS Alert read:fatal:certificate unknown
SSL is telling FreeRADIUS that the certificate sent by the client is
bad.
You're probably doing EAP-TLS where the server has one cert, and the
client has cert signed by someone else entirely. For EAP-TLS to work,
the client certs have to be signed by the server cert.
Alan DeKok.
More information about the Freeradius-Users
mailing list