ttls ssl handshake error.

tnt at kalik.net
Thu Jan 22 00:04:45 CET 2009


>I have created all the certs etc using FR bootstrap and "make client" .. I
>have made sure my eap.conf info is all correct..
>Yet here is what I'm receiving in the logs, thanks for any input
>
>rlm_eap_ttls: Authenticate
>  rlm_eap_tls: processing TLS
>  eaptls_verify returned 7
>  rlm_eap_tls: Done initial handshake
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0007], Certificate
>  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal handshake_failure
>TLS Alert write:fatal:handshake failure
>    TLS_accept:error in SSLv3 read client certificate B
>rlm_eap: SSL error error:140890C7:SSL
>routines:SSL3_GET_CLIENT_CERTIFICATE:peer
>did not return a certificate
>rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
>  eaptls_process returned 13
>  rlm_eap: Freeing handler
>++[eap] returns reject
>auth: Failed to validate the user.

That's Windows, right? You have properly installed the client
certificate into the certificate store but Windows won't send it? When
you open certificate properties it goes on about "not being able to
validate certificate"?

Try altering the Makefile in raddb/certs and signing the client certificate with
the CA instead of the server certificate.

Ivan Kalik
Kalik Informatika ISP
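
The difference between the two signing choices, as an added example that is not part of the original message or of the FreeRADIUS Makefile: a client certificate issued by the server certificate fails path validation, while one issued by the CA validates. It assumes the server certificate is marked basicConstraints CA:FALSE; all names, files and helper functions are constructed for the demo.

```shell
#!/bin/sh
# Added illustration: every name and file below is constructed for the demo.

# Create a key and CSR for subject CN=$1 in the current directory.
mkreq() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Sign CSR $1 with issuer $2 using extension section $3; write $4.pem.
sign() {
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -extfile ext.cnf -extensions "$3" \
        -out "$4.pem" 2>/dev/null
}

# Build the demo PKI in directory $1.
build_demo_pki() {
    (
        cd "$1" || exit 1
        printf '[ca]\nbasicConstraints=critical,CA:TRUE\n[leaf]\nbasicConstraints=CA:FALSE\n' > ext.cnf
        mkreq ca && mkreq server && mkreq client || exit 1
        # Self-signed root CA.
        openssl x509 -req -in ca.csr -signkey ca.key -days 1 \
            -extfile ext.cnf -extensions ca -out ca.pem 2>/dev/null || exit 1
        sign server ca leaf server || exit 1
        sign client server leaf client_by_server || exit 1   # issuer is a leaf
        sign client ca leaf client_by_ca                      # issuer is the CA
    )
}

# chain_ok DIR CERT: succeeds only if CERT validates up to ca.pem,
# with server.pem offered as a possible intermediate.
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" -untrusted "$1/server.pem" \
        "$1/$2.pem" 2>&1 | grep -q ': OK$'
}

demo_dir=$(mktemp -d) && build_demo_pki "$demo_dir" || exit 1
for c in client_by_server client_by_ca; do
    if chain_ok "$demo_dir" "$c"; then echo "$c: chain valid"
    else echo "$c: chain INVALID"; fi
done
```
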



