intermediate CA
Sergio Yébenes Moreno
sergioyebenes at alumnos.upm.es
Tue Jul 1 17:03:51 CEST 2008
Hi
I'm using freeradius-server-2.0.4 with eap-tls. I have a client cert
signed by an intermediate authority B.pem . If I put CA_file = "B.pem"
in eap.conf, I have this log:
.....
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Handshake [length 05f2], Certificate
--> verify error:num=2:unable to get issuer certificate
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
++[eap] returns reject
.....
Looks normal because B.pem is signed by self-signed A.pem
I don't know how to put this in eap.conf, TLS section, and also looks
like client never sends his certificate....
can anybody help me? I need to use the two certificates because I'm not
the signer.
Thanks a lot
P.D. España 1 Alemania 0 rules
More information about the Freeradius-Users
mailing list