definitively, I have a problem with eap-tls
Sergio
sergioyebenes at alumnos.upm.es
Wed Jul 23 01:13:37 CEST 2008
HI,
continuing with Reveal MAP problem with unknown ca's under eap-tls
using default configuration....
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
freeradius tell me this:
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0bdb], Certificate
--> verify error:num=24:invalid CA certificate
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
well, it isn't a problem:
cp server.pem root.pem
cat ca.pem >> root.pem
then I change CA_file = ${cadir}/root.pem
......and.....eureka!!!! authentication succesfully ....but
now there is a problem to check the CRL because root.pem then, something
is wrong before making root.pem.
....well, just tell freeradius how to find certificates....
c_rehash /usr/local/etc/raddb/certs also doesn't works
I think Reveal had the same problem and I have read about this on
mailing list but nothing.
Also I've tried to install ca.pem on /etc/ssl/certs using "ln -s". Has
somebody encountered problems with this apart from Reveal MAP and me?
P.D. route certification into windows isn't a problem, only tell
xp_supplicant who is root authority (It was logical)
More information about the Freeradius-Users
mailing list