chain certificate problem

Thierry Chich thierry.chich at
Wed Nov 6 17:57:43 CET 2013


I have a problem with the certificate I use for my eap-peap. It seems that the certificate is not recognized.
What I know:

1) the chain is complete :
radius:/etc/freeradius/certs# c_rehash certificatAP/
radius:/etc/freeradius/certs# openssl verify -CApath certificatAP/ certificatAP/certificat20sept2014.pem 
certificatAP/certificat20sept2014.pem: OK

2) it is a problem of certificate: windows accept to connect if I ask him to not vaidate the certificate server. With other os than windows, I have more details. OSX is claiming that my certificate is not verified. It is not OS related.

3) The root certificate is accepted in both OS.

What the point ? Should I have all the intermediate certificate in the store of my clients ? Is it a way to present the whole chain to the client, the same way it can be done by http servers ?

Thierry CHICH

More information about the Freeradius-Users mailing list