definitively, I have a problem with eap-tls

Sergio sergioyebenes at alumnos.upm.es
Thu Jul 24 15:00:51 CEST 2008


Phil Mayers escribió:
> Sergio wrote:
>> Sorry, I'll do the things right jeje
>
> I haven't been reading all your emails, but what I have read is very 
> confusing. So I'm sorry if I misunderstand.
>
> The error message seems very very clear.
>
> FreeRadius cannot verify the client certificate.
>
> This means you have not given it the correct CA certificate.
>
> You keep talking about "c_rehash" - to the best of my knowledge, 
> FreeRadius doesn't make use of a "certificate directory" with the 
> openssl-style xxxxxxxx.0 -> real.pem symlinks. Forget about that.
>
> Can you please provide:
>
>  * a copy of your eap.conf
>  * a copy of the files from the "eap { tls {} }" section:
>    * certificate_file
>    * CA_file
>  * a copy of the client cert:
>    * user at example.com.pem
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>
ok :) I provide certificate files and eap.conf in a tar ball to not to 
post a mail too long.
If I print user at example.com.pem in text form I see how radius is the 
issuer of the certificate. This is the default PKI and I don't know what 
I'm doing wrong.
Thanks for your attention.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: files.tar
Type: application/octet-stream
Size: 30720 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080724/1a53f551/attachment.obj>


More information about the Freeradius-Users mailing list