EAP TLS Authentication failing!!!! "Unknown CA"

Matt Causey matt.causey at gmail.com
Sat Jun 7 13:11:22 CEST 2008


I'm happy to be wrong about this, but in my experience, this parameter:

-CApath ca.pem

Needs to be an actual path, not a PEM CA file, where you have performed
these steps:

download certificate authority cert in PEM format
run c_rehash . (openssl script)

On Thu, May 15, 2008 at 10:37 AM, Avinash Patil <avinashapatil at gmail.com>
wrote:

> Hi All,
>
> I am trying to use authenticate one embedded WLAN device with using
> freeRadius server 2.0.4
>
> I have radiusd.conf,client.conf files as per my configuration.
> I have created certificates using bootstrap script.Values in
> ca.cnf,client.cnf and server.cnf have been modified accordingly.
>
> I have copied ca.pem, client.pem to device filesystem.Private key has been
> extracted from client.pem.
>
> Since last week I am trying to authenticate freeradius server but I am
> getting error like "Unknown CA".
> Please see attached radius logs.
>
> When I verify client certificate using "openssl verify -CApath ca.pem
> client.pem"
> I see following error:
>
> Error 20 at depth 0 lookup : unable to get local issuer certificate.
>
> Device is already tested with Windows 2003 server's TLS(of course with
> different set of certificates :<) ) and it is working fine.
> What will be possible reason behind this and where am I going wrong?
>
> Appreciate your help.
>
> Thanks and Regards,
>
> Avinash.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080607/740dbef8/attachment.html>


More information about the Freeradius-Users mailing list