need help - force EAP-TTLS to validate the server certificate
superklausx at gmx.de
Tue Sep 21 12:17:28 CEST 2010
The message is clear. Yes I created a client certificate and imported it into the client.
When I use TLS to connect to the freeradius server I can choose the client certificate in the TLS dialog and the client can login successfully.
When I use PEAP to login I have to type in my username and password in the PEAP dialog from windows but I can not select a client certificate, the certificate is imported successfully in the windows certificate manager.
Should I be able to choose a client certificate in the PEAP dialog or should it work when the certificate is saved in the windows certificate manager and I only have to type in my username and password in the PEAP dialog?
I want to allow only PEAP logins (or username/password logins) with client certificate.
-------- Original-Nachricht --------
> Datum: Tue, 21 Sep 2010 09:33:29 +0200
> Von: Alan DeKok <aland at deployingradius.com>
> An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Betreff: Re: need help - force EAP-TTLS to validate the server certificate
> Klaus Laus wrote:
> > I tried to login from another client, but it´s the same problem.
> > TLS Alert write:fatal:handshake failure
> > TLS_accept:error in SSLv3 read client certificate B
> > rlm_eap: SSL error error:140890C7:SSL
> > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
> > SSL: SSL_read failed in a system call (-1), TLS session fails.
> That message should be clear. The supplicant didn't send a client
> Did you create a client certificate?
> If so, did you copy it to the client?
> Alan DeKok.
> List info/subscribe/unsubscribe? See
GRATIS: Spider-Man 1-3 sowie 300 weitere Videos!
Jetzt freischalten! http://portal.gmx.net/de/go/maxdome
More information about the Freeradius-Users