The EAP Saga continues.
Evan Vittitow
evan at terralab.com
Tue Feb 13 08:31:05 CET 2007
I've been doing research and reading, and started using a GUI for my CA
called OpenCA.
Using this, I have created some certs
cacert.pem
cacert.key (Private Key)
A variety of Host certs in the format of host-cert.pem and host-key.pem.
(A Public/Private key per host.)
Here is my Xsupplicant.conf
eap_tls {
user_key = "/etc/pki/tls/Pukey/kurama-cert.pem"
user_key_pass = ""
root_cert = "/etc/pki/tls/Pukey/cacert.pem"
root_dir = "/etc/pki/tls/Pukey/"
chunk_size = 1398
random_file = "/dev/random/"
session_resume = yes
And here is eap.conf's relevant section
private_key_file = /etc/pki/tls/Pukey/kurama-key.pem
certificate_file = /etc/pki/tls/Pukey/kurama-cert.pem
CA_file = /etc/pki/tls/Pukey/cacert.pem
dh_file = ${raddbdir}/certs/dh
This produces the following:
OpenSSL Error -- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Library : SSL routines
Function : SSL3_GET_SERVER_CERTIFICATE
Reason : certificate verify failed
Help?
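
The error quoted above is raised on the TLS client side (here, the supplicant) when the server's certificate does not validate against the root it was configured with. As an added example, not part of the original post, this shell sketch runs the two checks that narrow that down (does the host certificate chain to the CA file, and does the private key belong to the certificate) against a throwaway PKI it builds itself. The function names and every file name in it are constructed for the demo, and it assumes the `openssl` CLI with its default configuration file.

```shell
#!/bin/sh
# Added diagnostic sketch; demo file names are constructed, not the poster's.

# check_chain CA_FILE CERT_FILE: does CERT_FILE verify against CA_FILE alone?
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_keypair CERT_FILE KEY_FILE: do the cert and private key share a public key?
check_keypair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# make_demo_pki DIR: throwaway CA, a host cert signed by it, and an unrelated CA.
make_demo_pki() {
    d=$1
    for ca in cacert otherca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-host" \
        -keyout "$d/host-key.pem" -out "$d/host.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/host.csr" -CA "$d/cacert.pem" -CAkey "$d/cacert.key" \
        -CAcreateserial -days 1 -out "$d/host-cert.pem" 2>/dev/null
}

# report DIR: print the outcome of each check for the demo files.
report() {
    d=$1
    check_chain "$d/cacert.pem" "$d/host-cert.pem" && echo "chain to issuing CA: OK"
    check_chain "$d/otherca.pem" "$d/host-cert.pem" || echo "chain to unrelated CA: verify failed"
    check_keypair "$d/host-cert.pem" "$d/host-key.pem" && echo "cert/key pair: match"
    check_keypair "$d/host-cert.pem" "$d/cacert.key" || echo "cert vs. other key: mismatch"
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" && report "$demo_dir"
rm -rf "$demo_dir"
```

On a real deployment the same two functions would be pointed at the CA file the supplicant trusts and at the certificate and key the RADIUS server presents.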