EAP-TLS Authentication fails( TLS_accept: error in SSLv3 read client certificate B)

Esma Yalcinkaya esmayalcinkayaa at gmail.com
Wed Nov 27 15:09:43 CET 2013


Could anybody help me about EAP-TLS authentication?

I use freeradius-server-2.2.0 version, and openssl is installed and use

Configured eap.conf file (make default_eap_type = tls and update the tls
certificate configs.)

Then, created certificates via "bootstap", "make" and "make client"
commands. Import them to glassfish with keytool:

keytool -import -alias root -keystore keystore.jks -trustcacerts -file
keytool -import -alias client -keystore keystore.jks -trustcacerts -file

However, when I sent an eap-tls authentication request, I took following

[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 0007], Certificate
[tls] >>> TLS 1.0 Alert [length 0002], fatal handshake_failure
TLS Alert write:fatal:handshake failure
    TLS_accept: error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type REJECT

I read a lot about this issue, but I could not figure out what is missing.

Thanks & Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131127/8e08b736/attachment.html>

More information about the Freeradius-Users mailing list