EAP/TLS authentication in 2050
Phil Mayers
p.mayers at imperial.ac.uk
Mon Dec 5 10:49:12 CET 2011
On 12/05/2011 08:25 AM, Victor Guk wrote:
> [tls] <<< TLS 1.0 Handshake [length 0249], Certificate
> --> verify error:num=9:certificate is not yet valid
> [tls] >>> TLS 1.0 Alert [length 0002], fatal bad_certificate
> TLS Alert write:fatal:bad certificate
This error comes from within OpenSSL. FreeRADIUS just does what OpenSSL
tells it.
Can you verify the cert with the "openssl verify ..." test command? e.g.
try this:
openssl verify -CAfile ca.pem -purpose sslserver server.pem
If this fails as well, then it's either a problem in OpenSSL or your
system libraries with dates >2050. If it succeeds (which I doubt) then
FreeRADIUS should work too.
I sort of admire your effort to future-proof your certs though! ;o)
Cheers,
Phil
More information about the Freeradius-Users
mailing list