Problem Using GoDaddy Wildcard Certificate

Alan DeKok aland at
Sun Mar 3 03:48:07 CET 2013

Thomas Simmons wrote:
> On Win 7, with "Validate ..." checked, I receive the following error:
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
> TLS Alert read:fatal:access denied

  The Windows box is refusing to accept the servers certificate.

> The GoDaddy certs appear to have the necessary "XP Extensions". The
> following is reported under "Enhanced Key Usage" when I view the cert in
> Windows:
> Server Authentication (
> Client Authentication (


> I added my certificate to the beginning of the chain file provided by
> GoDaddy (used cat to ensure no errors) and pointed certificate_file to
> this. I then selected the "Go Daddy Class 2 Certification Authority"
> under the network profile. When this did not work, I imported the chain
> file into my Trusted Root CAs and selected "GoDaddy Secure Certification
> Authority" in the wifi profile. This also did not work. Lastly, I
> cleaned up my certificate store, split apart the chain file
> into separate files, imported "GoDaddy Secure Certification Authority"
> into my Trusted Root CAs, selected the same in the wifi profile, and
> pointed certificate_file to my cert ONLY. Does anyone see a reason this
> should not work? Ideas on what to try next? Thank you.

  Ask Microsoft why their software doesn't work.

  It sounds like you followed all of the right steps.  Maybe you missed
something minor (and critical).  It's hard to say.  There's a lot of
magic in SSL.

  Alan DeKok.

More information about the Freeradius-Users mailing list