SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate

john lists.john at
Mon Jun 15 23:00:38 CEST 2009

On Sat, Jun 13, 2009 at 7:08 AM, Ivan Kalik<tnt at> wrote:
>> I used the Makefile to generate the certs. I then exported ca.der and
>> client.p12 and installed them on the XP box. Did I get the wrong
>> files?
> No, those are correct files. Is ca OK but you get errors for client
> certificate? Try using included Makefile (rename old Makefile to
> Makefile.old and this one to Makefile). It will create client certificates
> signed by the ca certificate.
> Ivan Kalik
> Kalik Informatika ISP

Hi Ivan,

The makefile you sent me allowd me to generate a correct client.p12
which cleared up the error reported by windows. Thanks very much. So
it looks like windows may prefer personal certs signed by the CA
rather than the server? I can sucessfully use the client cert with the
"Smart Card or other Certificate" options on Windows XP/SP3 (which
uses EAP-TLS I believe).

However it didn't fix my issue with trying to use a cert and PEAP or
TTLS. So I am stumped still on that one.

Any other ideas?

Thanks for your help!


More information about the Freeradius-Users mailing list