Validate server certificate problem

Petar Marinkovic highl1 at gmail.com
Tue Aug 9 18:15:47 CEST 2011


I've set up latest version of FreeRadius from source on Ubuntu, and I cannot
get EAP-TLS and PEAP to work when the option "Validate server certificate"
is on. We're using Windows CA to be able to auth users on the domain. I saw
this old article
http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-October/msg00515.html
on
how to generate server certificate, but that fails for me in both ways
1st fails because of a missing template on Windows CA - how to create the
template to match what freeradius needs?
2nd fails with the following error CA certificate and CA private key do not
match
2634:error:0B080074:x509 certificate routines:X509_check_private_key:key
values mismatch:x509_cmp.c:406:
That's strange, cause CA cert and CA private key are in the same file (as
noted in the text) and I didn't mistake the password (since I followed the
message blindly, with the same password).

When I untick the "Validate server certificate" in Windows clients (XP,
Windows 7) I'm able to connect with both EAP-TLS and PEAP

Any help is appreciated, thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110809/8fb9ed4b/attachment.html>


More information about the Freeradius-Users mailing list