eap/tls authentication problem

Jelle Langbroek jml at orkz.net
Sun Jun 15 17:37:53 CEST 2008


So, you should probably create a new certificate with a certified CA or a
correct own CA. Install openssl and follow a howto on creating new
certificates. Make sure you match Common Name to server.domainname.
Furthermore, change certificate options (like password) in eap.conf.

gr, jelle



>
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0377], Certificate  --> verify
> error:num=20:unable to get local issuer certificate
> chain-depth=0,
> error=20
> --> User-Name = mike
> --> BUF-Name = mike
> --> subject = /C=NL/ST=Netherlands/O=C2C/CN=mike/emailAddress=mike at xxx.xx
> --> issuer  =
> /C=NL/ST=Netherlands/O=C2C/CN=BDHZ_server/emailAddress=mike at xxx.xx
> --> verify return:0
>  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca  TLS Alert
> write:fatal:unknown CA
>   TLS_accept:error in SSLv3 read client certificate B
> 6996:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
> returned:s3_srvr.c:2004:
> rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
>
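
Added example, not part of the original thread: a shell sketch that reproduces the `error:num=20` / `unknown_ca` condition from the quoted log with throwaway certificates. The same client certificate verifies against the CA that signed it and fails with error 20 at depth 0 against an unrelated CA. All CA names, subjects and paths are constructed, and it assumes the `openssl` command-line tool with its default configuration is installed.

```shell
#!/bin/sh
# Added example: every name, subject and path here is constructed.

# make_ca DIR NAME: self-signed CA, written to DIR/NAME.key and DIR/NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=NL/O=Example/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_cert DIR CA CN: key and certificate for CN, signed by DIR/CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/C=NL/O=Example/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 30 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" 2>/dev/null
}

# verify_code CAFILE CERT: prints 0 when CERT chains to CAFILE, otherwise
# the OpenSSL verify error number (20 is the one in the quoted log)
verify_code() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) && rc=0 || rc=$?
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif [ "$rc" -eq 0 ]; then echo 0
    else echo "failed"
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" radius-ca && make_ca "$d" other-ca &&
        issue_cert "$d" radius-ca client1 || { rm -rf "$d"; return 1; }
    echo "CA that signed the client cert: $(verify_code "$d/radius-ca.pem" "$d/client1.pem")"
    echo "unrelated CA:                   $(verify_code "$d/other-ca.pem" "$d/client1.pem")"
    rm -rf "$d"
}

demo
```

Running `verify_code` with the CA file the server is configured to trust and the real client certificate shows whether the server's trust store contains the issuer named in the log.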