SSL error after updating cert

Eric Geier me at egeier.com
Fri Oct 21 23:31:40 CEST 2011


Thanks for the reply!

Yes, the clients are set with correct time/date.

That command didn't work. Did you mean openssl verify command? I
ran that and both the old cert (still valid for a few days) and
the new cert (already valid) shows correct domain but then says:

error 20 at 0 depth lookup:unable to get local issuer certificate

This may not be the problem since I get it with both old and new
certs.

Any other ideas?


On Fri Oct 21 14:56:33 CDT 2011, James J J Hooper
<jjj.hooper at bristol.ac.uk> wrote:

> On 21/10/2011 20:44, Eric Geier wrote:
>> Hi, I?m trying to update my server?s cert, but getting errors
>> after applying it:
>> 
>> Fri Oct 21 12:26:45 2011 : Error: TLS Alert 
>> read:fatal:certificate
>> expired
>> Fri Oct 21 12:26:45 2011 : Error:     TLS_accept:failed in SSLv3
>> read client certificate A
>> Fri Oct 21 12:26:45 2011 : Error: rlm_eap: SSL error
>> error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
>> certificate expired
>> Fri Oct 21 12:26:45 2011 : Error: rlm_eap_tls: SSL_read failed
>> inside of TLS (-1), TLS session fails.
>> 
>> Says expired but I?m using the new cert, which is a renewal from 
>> a
>> third-party CA and using the same private key. I apply it by
>> inserting the text of the .crt file into the server-cert.pem file
>> in the certs folder. I think that?s all I have to do and restart
>> freeradius?
>> 
> 
> 1) Check the date on the client system is correct
> 
> 2) do:
> openssl -in /path/to/your/raddb/server-cert.pem -noout -text
> and verify the properties of the cert you have.
> 
> -James
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 




More information about the Freeradius-Users mailing list