Client certs with MSCHAPV2 in PEAP

Alan DeKok aland at
Wed Feb 22 23:44:34 CET 2006

"Dave Huff" <dbhuff at> wrote:
>   rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal 
> certificate_unknown
> TLS Alert read:fatal:certificate unknown

  SSL is telling FreeRADIUS that the certificate sent by the client is

  You're probably doing EAP-TLS where the server has one cert, and the
client has cert signed by someone else entirely.  For EAP-TLS to work,
the client certs have to be signed by the server cert.

  Alan DeKok.

More information about the Freeradius-Users mailing list