SSL certificate problems

Alan DeKok aland at
Tue Oct 30 07:40:24 CET 2007

Walter Gould wrote:
> Sorry to bother you guys again -  I created new SSL certificates per
> your above instructions...  After the certs were created, I then:
> 1. copied them to the /etc/raddb/certs directory
> 2. updated /etc/raddb/eap.conf with the certificate names & private key
> password
> 3. copied and installed the new certificate (server.pem) onto my XP
> laptop and
> 4. started radiusd in debug mode, below is the output
> It is acting as you describe in the FAQ -

  You didn't add the root certificate to the XP machine.  See the
EAP-TLS "howto's" on the web site.

> So, I am wondering will I need to install the hotfix as listed in the
> FAQ - and, will this have to be done on ALL Windows machines?  I am
> thinking that I still do not have something configured right on my
> side.   If I uncheck the "validate server certs" box on the XP client, I
> can connect and authenticate successfully.

  Yup.  "Ignore that we have no idea where this certificate came from,
and do PEAP anyways".

  Alan DeKok.

More information about the Freeradius-Users mailing list