EAP advanced auth. methods problem
Tomas Pelka
tompelka at gmail.com
Sun Nov 22 19:32:51 CET 2009
tnt at kalik.net wrote:
>> So the problem is in certificate:
>>
>> [tls] <<< TLS 1.0 Handshake [length 038d], Certificate
>> --> verify error:num=20:unable to get local issuer certificate
>> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
>
> That means that you haven't imported the self-signed CA certificate onto the
> client.
>
>> # openssl verify -CApath ca.pem client.pem
>> client.pem: /C=FR/ST=Radius/O=Example
>> Inc./CN=user at example.com/emailAddress=user at example.com
>> error 20 at 0 depth lookup:unable to get local issuer certificate
>>
>>
>> I'm a little bit confused, I created the client certificate using make
>> client.
>
> Which uses the server certificate to sign client certificates.
>
>> Isn't it possible that the freeradius Makefile is buggy?
>
> No. Try verifying with the server certificate (as it is done in Makefile).
# c_rehash .
# openssl verify -CApath . client.pem
client.pem: OK
# openssl verify -CApath . server.pem
server.pem: OK
Also tried modifying the wpa_supplicant conf:
- ca_cert="ca.pem"
+ ca_cert="server.pem"
But with the same result.
--
Tom
Key fingerprint = 06C0 23C6 9EB7 0761 9807 65F4 7F6F 7EAB 496B 28AA
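
Added example, not part of the original message and not FreeRADIUS code: the thread runs "openssl verify -CApath ca.pem" (error 20) and later "-CApath ." after c_rehash (OK). -CApath expects a directory of <subject-hash>.0 links, while a single PEM file is passed with -CAfile. The script below reproduces all three cases; the CA and client certificate are constructed throwaway files, and the simple CA-signs-client chain is an assumption.

```shell
#!/bin/sh
# Added example. The CA, client certificate and keys are constructed
# throwaway files (assumption), not the certificates from the thread.

make_pki() {    # $1 = empty working directory
    mkdir -p "$1/hashed" || return 1
    # Self-signed test CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    # Client key and CSR, then a client certificate signed by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/client.pem" 2>/dev/null || return 1
    # What c_rehash does for a directory: link <subject-hash>.0 to the CA.
    cp "$1/ca.pem" "$1/hashed/ca.pem" || return 1
    h=$(openssl x509 -in "$1/ca.pem" -noout -hash) || return 1
    ln -s ca.pem "$1/hashed/$h.0"
}

# Prints OK or FAIL. Parses the output instead of the exit status,
# because older openssl releases exit 0 even when verification fails.
verify_result() {
    if openssl verify "$@" 2>&1 | grep -q ': OK$'; then
        echo OK
    else
        echo FAIL
    fi
}

D=$(mktemp -d) && make_pki "$D" || exit 1
# -CApath given a file: no hashed lookup is possible, issuer not found.
echo "-CApath ca.pem  : $(verify_result -CApath "$D/ca.pem" "$D/client.pem")"   # FAIL
# -CAfile is the option that takes a single PEM file.
echo "-CAfile ca.pem  : $(verify_result -CAfile "$D/ca.pem" "$D/client.pem")"   # OK
# -CApath given a rehashed directory.
echo "-CApath hashed/ : $(verify_result -CApath "$D/hashed" "$D/client.pem")"   # OK
rm -rf "$D"
```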