generating ssl certs in debian squeeze

val john valjohn1647 at gmail.com
Sat Sep 15 05:46:23 CEST 2012


Hi...

as i see log says , "Error: TLS Alert read:fatal:unknown CA"   . and you
need to specify the  certificate Authority in your client  when testing.
Certifcate authority is a File called "CA.pem"  once you added to the
client error should go away. And make sure debian sever hostname should be
same as "commonName" specified in server.cnf

Thank You

On 15 September 2012 08:44, austin wonderly <lacrosse1991 at gmail.com> wrote:

> hello, thanks for the tip, although unfortunately im am still getting
> problems :(  have included the out of eapol_test right here
> http://pastebin.com/8iKsCUfn and also what shows up in the freeradius
> logs as well (have included the file names that i currently have in in my
> /etc/freeradius/certs directory) http://pastebin.com/MtQDVaWL, would you
> guys know of anything that I could do to resolve this? it actually seems
> like the same problem that i've been having with the other solutions that I
> have tried earlier on (yesterday and today), thanks again for the help too
>
>
> On Fri, Sep 14, 2012 at 9:17 PM, val john <valjohn1647 at gmail.com> wrote:
>
>> Download the tar.gz file form freeradius , in that file , in folder
>> "freeradius-server-xxx/raddb/certs"  provide very easy way generate certs
>> (./bootstrap) , just copy its  its content to the  freeradius in debian
>> "/etc/freeradius/certs/"
>>
>> Thank you
>>
>>
>> ---------- Forwarded message ----------
>> From: austin wonderly <lacrosse1991 at gmail.com>
>> Date: 15 September 2012 03:23
>> Subject: generating ssl certs in debian squeeze
>> To: freeradius-users at lists.freeradius.org
>>
>>
>> Hello, I was wondering if anyone knew of any tutorials for generating ssl
>> certificates for freeradius in debian squeeze? Have been trying to find a
>> method that would work over the last few days and have not found a solution
>> yet (have probably spent around 6-7 hrs just getting this part to work so
>> far), I am trying to setup a radius server to provide eap-ttls
>> authentication for a non public network (windows machines, as well linux
>> based machines would be on the network), if someone could point me in the
>> right direction though or possibly offer some advice I would really
>> appreciate it as i've pretty much exhausted my options at this point in
>> time. having said that, would there be any downsides to just using the
>> "snakeoil" certificates in this type of configuration? thanks
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120915/f84b1d9e/attachment.html>


More information about the Freeradius-Users mailing list