definitively, I have a problem with eap-tls
Sergio
sergioyebenes at alumnos.upm.es
Thu Jul 24 15:00:51 CEST 2008
Phil Mayers escribió:
> Sergio wrote:
>> Sorry, I'll do the things right jeje
>
> I haven't been reading all your emails, but what I have read is very
> confusing. So I'm sorry if I misunderstand.
>
> The error message seems very very clear.
>
> FreeRadius cannot verify the client certificate.
>
> This means you have not given it the correct CA certificate.
>
> You keep talking about "c_rehash" - to the best of my knowledge,
> FreeRadius doesn't make use of a "certificate directory" with the
> openssl-style xxxxxxxx.0 -> real.pem symlinks. Forget about that.
>
> Can you please provide:
>
> * a copy of your eap.conf
> * a copy of the files from the "eap { tls {} }" section:
> * certificate_file
> * CA_file
> * a copy of the client cert:
> * user at example.com.pem
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
ok :) I provide certificate files and eap.conf in a tar ball to not to
post a mail too long.
If I print user at example.com.pem in text form I see how radius is the
issuer of the certificate. This is the default PKI and I don't know what
I'm doing wrong.
Thanks for your attention.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: files.tar
Type: application/octet-stream
Size: 30720 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080724/1a53f551/attachment.obj>
More information about the Freeradius-Users
mailing list