need help - force EAP-TTLS to validate the server certificate
Klaus Laus
superklausx at gmx.de
Tue Sep 21 12:17:28 CEST 2010
The message is clear. Yes, I created a client certificate and imported it into the client.
When I use TLS to connect to the FreeRADIUS server, I can choose the client certificate in the TLS dialog and the client can log in successfully.
When I use PEAP to log in, I have to type in my username and password in the PEAP dialog from Windows, but I cannot select a client certificate; the certificate is imported successfully in the Windows certificate manager.
Should I be able to choose a client certificate in the PEAP dialog, or should it work when the certificate is saved in the Windows certificate manager and I only have to type in my username and password in the PEAP dialog?
I want to allow only PEAP logins (or username/password logins) with a client certificate.
-------- Original Message --------
> Date: Tue, 21 Sep 2010 09:33:29 +0200
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: need help - force EAP-TTLS to validate the server certificate
> Klaus Laus wrote:
> > I tried to log in from another client, but it's the same problem.
> >
> > TLS Alert write:fatal:handshake failure
> > TLS_accept:error in SSLv3 read client certificate B
> > rlm_eap: SSL error error:140890C7:SSL
> > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
> > SSL: SSL_read failed in a system call (-1), TLS session fails.
>
> That message should be clear. The supplicant didn't send a client
> certificate.
>
> Did you create a client certificate?
>
> If so, did you copy it to the client?
>
> Alan DeKok.