validate server certificate fails

Thu Nov 7 14:30:24 CET 2013

I have tested selfsing certificate, it works. I had to copy the ca.cert
into windows client.

Pretty much what this link describes.

http://kirkkosinski.com/2012/10/securing-wi-fi-with-peap-and-freeradius-on-centos/

Now, i have signed certificate from our CA added into eap.conf then
imported ca.pem into windows machine. 7 machine and try to authenticate, it
always fails. but If I check off the validate server certificate on
M$$$$$client machine it works.

I have following in my eap.conf
     tls {
                        certdir = ${confdir}/certs
                        cadir = ${confdir}/certs
                        private_key_file = ${certdir}/myhost.example.key
                        certificate_file = ${certdir}/myhost.example.crt
                        CA_file = ${certdir}/ca.pem
                        dh_file = ${certdir}/dh
                        random_file = /dev/urandom
                        fragment_size = 1024
                        include_length = yes
                        check_crl = no
                        cipher_list = "DEFAULT"
                }

freeradius version is freeradius-2.1.10-5.el6.x86_64 and Red Hat Enterprise
Linux Server release 6.1

This M$ is giving me nightmare :)

any idea on this would be great
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131107/b44a1489/attachment.html>