Are SHA-256 certificates supported?
hannu.lammi at wipsl.com
Tue Oct 23 09:10:05 CEST 2007
Hi,
I need to set up a RADIUS server that accepts certificates which use
SHA-256 as the signature algorithm (OID sha256WithRSAEncryption). I have set
up a FreeRADIUS 2.0.0-pre2 server to see if this would work out of the
box.
After verifying that EAP-TLS authentication works with SHA-1 certificates
I switched to a SHA-256 certificate that was created with OpenSSL 0.9.8b,
the same that FreeRADIUS was compiled against.
Here's a snippet of the log I got from my SHA-256 test:
=====
--> verify error:num=7:certificate signature failure
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert write:fatal:decrypt error
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm
=====
It would seem there's a problem somewhere. It may very well be in the
client I'm using.
So, I'd like to know if FreeRADIUS supports SHA-256 certificates?
If it doesn't, is the support for them planned?
Thanks in advance,
- Hannu