eap/tls authentication problem
Jelle Langbroek
jml at orkz.net
Sun Jun 15 17:39:55 CEST 2008
Oh, and when using TLS, install client certificate on client.
2008/6/15 Jelle Langbroek <jml at orkz.net>:
> So, you should probably create a new certificate with a certified CA or a
> correct own CA. Install openssl and follow a howto on creating new
> certificates. Make sure you match Common Name to server.domainname
> Furthermore change certificate options (like password) in eap.conf.
>
> gr, jelle
>
>
>
>>
>> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0377], Certificate --> verify
>> error:num=20:unable to get local issuer certificate
>> chain-depth=0,
>> error=20
>> --> User-Name = mike
>> --> BUF-Name = mike
>> --> subject = /C=NL/ST=Netherlands/O=C2C/CN=mike/emailAddress=mike at xxx.xx
>> --> issuer =
>> /C=NL/ST=Netherlands/O=C2C/CN=BDHZ_server/emailAddress=mike at xxx.xx
>> --> verify return:0
>> rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert
>> write:fatal:unknown CA
>> TLS_accept:error in SSLv3 read client certificate B
>> 6996:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
>> certificate returned:s3_srvr.c:2004:
>> rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080615/cb4b3024/attachment.html>
More information about the Freeradius-Users
mailing list