Problem Using GoDaddy Wildcard Certificate

Thomas Simmons twsnnva at gmail.com
Sun Mar 3 03:28:39 CET 2013


Hello All,

I'm trying to get my setup working with a GoDaddy-issued wildcard
certificate (I understand self-signed is recommended). I don't understand
why this is not working and appreciate any input. What I have found so far:

Everything works with self-signed certs. With the CA cert imported,
"Validate server certificate" is not required.
Everything works with GoDaddy certs on Android.
Everything works with GoDaddy certs and "Validate ..." unchecked.

On Win 7, with "Validate ..." checked, I receive the following error:

[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
[peap] WARNING: No data inside of the tunnel.
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state ?
[peap] FAILED processing PEAP: Tunneled data is invalid.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.

The GoDaddy certs appear to have the necessary "XP Extensions". The
following is reported under "Enhanced Key Usage" when I view the cert in
Windows:
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)

Likewise, openssl reports:
$ openssl x509 -in server.crt -text -noout | grep "Web Server"
                TLS Web Server Authentication, TLS Web Client Authentication

The certification path for my cert is: My Cert > GoDaddy Secure
Certification Authority > Go Daddy Class 2 Certification Authority

I added my certificate to the beginning of the chain file provided by
GoDaddy (used cat to ensure no errors) and pointed certificate_file to
this. I then selected the "Go Daddy Class 2 Certification Authority" under
the network profile. When this did not work, I imported the chain file into
my Trusted Root CAs and selected "GoDaddy Secure Certification Authority"
in the wifi profile. This also did not work. Lastly, I cleaned up my
certificate store, split apart the chain file into separate files, imported
"GoDaddy Secure Certification Authority" into my Trusted Root CAs, selected
the same in the wifi profile, and pointed certificate_file to my cert ONLY.
Does anyone see a reason this should not work? Ideas on what to try next?
Thank you.
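
A check for the chain file described in this message, as an added example that is not part of the original post: it confirms that a PEM bundle starts with the server certificate and that each certificate names the next one as its issuer. The certificate names and file names are constructed and the function names are hypothetical; the check compares issuer and subject names only and does not verify signatures.

```shell
#!/bin/sh
# Added example. All certificate names and file names below are constructed.

# Build a throwaway root > intermediate > wildcard leaf chain in directory $1.
make_demo_chain() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  for spec in "int:Example Intermediate:root" "leaf:*.example.test:int"; do
    name=${spec%%:*}; rest=${spec#*:}; cn=${rest%%:*}; ca=${rest#*:}
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
      -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    openssl x509 -req -in "$d/$name.csr" -days 1 -CA "$d/$ca.crt" \
      -CAkey "$d/$ca.key" -CAcreateserial -out "$d/$name.crt" 2>/dev/null
  done
}

# Return 0 when every certificate in bundle $1 names the following one as
# its issuer, 1 when the order is broken, 2 when no certificate is found.
# This is name chaining only; signatures are not verified here.
chain_order_ok() {
  tmp=$(mktemp -d) || return 2
  # Split the bundle into 1.pem, 2.pem, ... in the order they appear.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/" n ".pem")}' "$1"
  i=1; rc=0
  [ -f "$tmp/1.pem" ] || rc=2
  while [ -f "$tmp/$((i+1)).pem" ]; do
    iss=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    sub=$(openssl x509 -in "$tmp/$((i+1)).pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    [ "$iss" = "$sub" ] || { rc=1; break; }
    i=$((i+1))
  done
  rm -rf "$tmp"
  return $rc
}

# Demo: server certificate first, then the intermediate, then the root.
demo=$(mktemp -d)
make_demo_chain "$demo"
cat "$demo/leaf.crt" "$demo/int.crt" "$demo/root.crt" > "$demo/bundle.pem"
chain_order_ok "$demo/bundle.pem" && echo "bundle order OK: leaf first, issuers follow"
rm -rf "$demo"
```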