TLS Error with Freeradius 2: unkown_ca

Alan DeKok aland at
Mon Jun 16 21:49:11 CEST 2008

Julian Stöver wrote:
> I'm running Freeradius2 with EAP-TLS. I've created new certificates and
> putted them into my certs-dir. Radius starts with no errors. But if I
> try to login, I get this TLS Error:
>>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0467], Certificate
>> --> verify error:num=18:self signed certificate
>>   rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca

  You have given the client a self-signed certificate.  You have given
the server a completely *different* set of certificates.  Since there is
no common point of reference, the user cannot authenticate.

  You need to give the client a certificate that is signed by the server

  Alan DeKok.

More information about the Freeradius-Users mailing list