EAP advanced auth. methods problem

tnt at kalik.net tnt at kalik.net
Sun Nov 22 00:34:02 CET 2009


> So the problem is in certificate:
>
> [tls] <<< TLS 1.0 Handshake [length 038d], Certificate
> --> verify error:num=20:unable to get local issuer certificate
> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca

That means that you haven't imported self-signed ca certificate onto the
client.

> # openssl verify -CApath ca.pem client.pem
> client.pem: /C=FR/ST=Radius/O=Example
> Inc./CN=user at example.com/emailAddress=user at example.com
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
>
> I'm little bit confused, I created the client certificate using make
> client.

Which uses server certificate to sign client certificates.

> Isn't possible that freeradius Makefile is buggy?

No. Try verify with server certificate (as it is done in Makefile).

Ivan Kalik




More information about the Freeradius-Users mailing list