Microsoft: Certificate Authentication

tnt at kalik.net tnt at kalik.net
Wed Dec 2 23:20:20 CET 2009


> I'm a newbie, and I'm trying to configure a simple EAP-TLS
> autententication by using client certificates.
> I have follow different procedures that I have found on the web to do
> that, but no successful currently
>
> http://wiki.freeradius.org/WPA_HOWTO#HOWTO_Do_It:_An_Outline

> - 2nd... What is wrong in my configuration? I can not distinguish, at
> the moment, which is the entry at logs that I should focus.

> [tls] <<< TLS 1.0 Handshake [length 036f], Certificate
> --> verify error:num=20:unable to get local issuer certificate
> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert write:fatal:unknown CA

If you had followed the howto guide and done:

In the list of trusted root CAs, check only the CA that corresponds to the
certificate you have generated

error wouldn't happen. You most likely haven't imported you self-signed
root CA onto the client.

Ivan Kalik




More information about the Freeradius-Users mailing list