more EAP/TTLS trouble
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 23 18:24:54 CEST 2012
On 23/05/12 16:16, Alan DeKok wrote:
>> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>> alert unknown ca
>> SSL: SSL_read failed inside of TLS (-1), TLS session fails.
>
> IIRC, it means that the client doesn't have the same CA as the server.
> So it gets the server's certificate, and goes "huh?". It then sends an
> "unknown CA" back to the server.
>
> The solution is to add the CA to the client PC.
For what it's worth, it would be *really* handle to be able to trigger a
log message (with controllable format) when this happened; possibly a
"trigger"?
More information about the Freeradius-Users
mailing list