intermediate CA

Ivan Kalik tnt at
Mon Jun 30 17:15:54 CEST 2008

B.pem is a server certificate. A.pem is a CA certificate. Lik to that one.

Ivan Kalik
Kalik Informatika ISP

Dana 1/7/2008, "Sergio Yébenes Moreno" <sergioyebenes at>

>I'm using freeradius-server-2.0.4 with eap-tls. I have a client cert
>signed by an intermediate authority B.pem . If I put CA_file = "B.pem"
>in eap.conf, I have this log:
> rlm_eap_tls: Done initial handshake
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 05f2], Certificate
>--> verify error:num=2:unable to get issuer certificate
>  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
>TLS Alert write:fatal:unknown CA
>    TLS_accept:error in SSLv3 read client certificate B
>rlm_eap: SSL error error:140890B2:SSL
>routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
>  eaptls_process returned 13
>  rlm_eap: Freeing handler
>++[eap] returns reject
>Looks normal because B.pem is signed by self-signed A.pem
>I don't know how to put this in eap.conf, TLS section, and also looks
>like client never sends his certificate....
>can anybody help me? I need to use the two certificates because I'm not 
>the signer.
>Thanks a lot
>P.D. EspaĂąa 1 Alemania 0 rules
>List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list