PEAP fatal bad_certificate
Ruslan N. Marchenko
ruff at olimp.ua
Tue Jun 12 08:56:28 CEST 2007
It seems to be not a particular question, but...
client - winxp wireless, ap - AIR-AP1131AG-E-K9, server 1.1.6. fresh install.
certificates generated according to CA.all (with xp-extension and conversion to pkcs12)
eap {
    default_eap_type = peap
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = xxxxx
        private_key_file = ${raddbdir}/certs/merlin-crt.pem
        certificate_file = ${raddbdir}/certs/merlin-crt.pem
        CA_file = ${raddbdir}/certs/cacert.pem
        dh_key_length = 1024
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/urandom
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 {
    }
}
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 224
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal bad_certificate
TLS Alert read:fatal:bad certificate
TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 224
modcall: leaving group authenticate (returns reject) for request 224
auth: Failed to validate the user.
--
Olimp, System Administrator IT Dept.
Fax. +380(62)381-3428
Tel. +380(62)381-3978-5
----
Looking forward to reading yours.
RUFF-RIPE DI76-GANDI RUFF-6BONE
Ruslan N. Marchenko
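
An added triage example, not part of the original post and not FreeRADIUS code: in the debug output above, the "<<<" marker and the "TLS Alert read" line both show that the server received the alert, so it was the supplicant that rejected the certificate the server presented. The Python below pulls TLS alerts out of rlm_eap_tls debug text and reports which side sent each one; the function names, the hint wording and every alert name other than bad_certificate are assumptions of this example.

```python
import re

# Constructed sample modelled on rlm_eap_tls debug output; the alert line is
# wrapped after "fatal", as mail clients often do to long lines.
SAMPLE_LOG = """\
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal
bad_certificate
TLS Alert read:fatal:bad certificate
TLS_accept:failed in SSLv3 read client certificate A
"""

# "<<<" marks a record the server received, ">>>" one it sent.
# \s also matches newlines, so a wrapped alert line still parses.
ALERT_RE = re.compile(
    r"rlm_eap_tls:\s*(<<<|>>>)\s*TLS\s+([\d.]+)\s+Alert\s*"
    r"\[length\s+\w+\],\s*(warning|fatal)\s+(\w+)"
)

# Certificate-related alert names from the TLS specification. Only
# bad_certificate appears on the page; the rest are assumed to be logged
# in the same spelling.
CERT_ALERTS = {"bad_certificate", "unsupported_certificate", "certificate_revoked",
               "certificate_expired", "certificate_unknown", "unknown_ca"}

def find_tls_alerts(log_text):
    """Return one dict per TLS alert found in the debug text."""
    alerts = []
    for arrow, version, level, desc in ALERT_RE.findall(log_text):
        alerts.append({
            "sender": "supplicant" if arrow == "<<<" else "server",
            "tls_version": version, "level": level, "description": desc,
        })
    return alerts

def triage(log_text):
    """Say whose certificate was rejected for each certificate alert."""
    findings = []
    for a in find_tls_alerts(log_text):
        if a["description"] not in CERT_ALERTS:
            continue
        rejected = "server" if a["sender"] == "supplicant" else "client"
        findings.append(f'{a["sender"]} sent {a["level"]} {a["description"]}: '
                        f'inspect the {rejected} certificate and the CA the {a["sender"]} trusts')
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```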