Problem setting up EAP-TLS with hostap
Alan DeKok
aland at deployingradius.com
Sun Jan 12 14:07:24 CET 2014
Chris Anderson wrote:
> When I run freeradius with the -X option I get the following log
Attaching it in-line or as a ".txt" file would have been friendlier.
Anyways, the key lines are:
[tls] <<< TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert read:fatal:decrypt error
TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
Your certificates / CA don't match. SSL isn't magic, but it is fragile.
Follow the instructions on my web site: http://deployingradius.com/
Once you have it working with test certificates, then follow the
*same* procedure with real certificates. It *will* work.
The only way to keep SSL happy is a careful application of procedure.
If you skip a step, then the certificate chain doesn't make sense to
SSL, and it will fail.
Alan DeKok.
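
A way to check a certificate set before pointing FreeRADIUS and the supplicant at it, as an added example that is not part of the original message or of the FreeRADIUS documentation: it confirms that a certificate chains to the CA the other side trusts and, going one step beyond the message, that the private key belongs to the certificate. The function names, file layout and subject names are assumptions made for this sketch, and all keys and certificates are throwaway test material generated on the spot.

```shell
#!/bin/sh
# Constructed test material only: throwaway CAs, keys and certs in a temp dir.
set -e

# make_ca DIR CN: create a self-signed test CA (ca.key / ca.pem) in DIR
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert CADIR PREFIX CN: write PREFIX.key and PREFIX.pem signed by CADIR's CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# chain_ok CAFILE CERT: succeeds only if CERT verifies against CAFILE
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT KEY: succeeds only if KEY is the private key for CERT
key_matches() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

tmp=$(mktemp -d)
mkdir "$tmp/a" "$tmp/b"
make_ca "$tmp/a" "Constructed Test CA A"
make_ca "$tmp/b" "Constructed Test CA B"
issue_cert "$tmp/a" "$tmp/server" "radius.example.test"
issue_cert "$tmp/b" "$tmp/other" "other.example.test"

# The server cert was issued by CA A, so only CA A should validate it.
chain_ok "$tmp/a/ca.pem" "$tmp/server.pem" && echo "CA A: chain verifies"
chain_ok "$tmp/b/ca.pem" "$tmp/server.pem" || echo "CA B: certificate / CA do not match"
key_matches "$tmp/server.pem" "$tmp/server.key" && echo "server.key belongs to server.pem"
key_matches "$tmp/server.pem" "$tmp/other.key" || echo "other.key does not belong to server.pem"
```

To check a real deployment, call chain_ok and key_matches with the CA file, certificate and key that the server and the supplicant are actually configured to use.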