Certificates Validation

tnt at kalik.net tnt at kalik.net
Tue Nov 10 19:44:12 CET 2009


> I'm trying to perform an EAP-TTLS Radius Authentication by using the
> server certificates.
> So, from my Windows laptop I have selected at the "Step 2: TTLS Server"
> --> "Validate Server Certificate"
> I have followed the steps at
> http://wiki.freeradius.org/WPA_HOWTO#HOWTO_Do_It:_An_Outline
>
> But the server response is....
>
> .....
>   rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert read:fatal:unknown CA
>     TLS_accept:failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
> .....
>
> Any idea where the mistake is?

Since your CA certificate is self-signed, you need to import it onto the
client machine as well. The client only "knows" a list of commercial root
certificates.

Ivan Kalik
Kalik Informatika ISP
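
The trust failure discussed in this thread can be reproduced offline with the openssl command line. This is an added example, not part of the original messages and not FreeRADIUS project code; every CA name, subject and file name in it is constructed, and it assumes `openssl` is on the PATH.

```shell
#!/bin/sh
# Constructed demo: every name, subject and file below is made up for illustration.

# make_ca DIR NAME CN: create a self-signed CA (NAME.key / NAME.pem) in DIR.
make_ca() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $3
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$1/$2.cnf" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# trust_check ANCHOR CERT: print "trusted" if CERT chains to ANCHOR, otherwise
# the OpenSSL reason (the condition behind the unknown_ca alert in the log above).
trust_check() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK"*) echo "trusted" ;;
        *) echo "untrusted: $(printf '%s\n' "$out" | grep -i 'error' | head -n 1)" ;;
    esac
}

# run_demo: the server cert is issued by a private CA; the client side is checked
# first with only an unrelated root, then with the private CA imported.
run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" private "Constructed Private RADIUS CA"
    make_ca "$d" vendor "Constructed Preinstalled Root"
    openssl req -new -newkey rsa:2048 -nodes -config "$d/private.cnf" \
        -subj "/CN=radius.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/private.pem" \
        -CAkey "$d/private.key" -CAcreateserial -days 1 \
        -out "$d/srv.pem" 2>/dev/null
    echo "before import: $(trust_check "$d/vendor.pem" "$d/srv.pem")"
    echo "after import:  $(trust_check "$d/private.pem" "$d/srv.pem")"
    rm -rf "$d"
}

run_demo
```

The same `trust_check` call can be pointed at a real deployment's CA file and server certificate to confirm that the file being imported on the client is the one that actually issued the server certificate.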