[ttls] <<< TLS 1.0 Alert [length 0002], fatal bad_certificate

Ben ben+freeradius at list-subs.com
Sat Mar 1 12:41:09 CET 2014

> The CA root, if it isn't already present.

Have already tried that, as mentioned.  Hence my approaching the list 
for further advice.
> You also need to ensure that the "certificate_file" option under the 
> eap{} module contains the server and all intermediate certs (you don't 
> need to put the root on there).
Will go double check....
> If you've done that, then either there's something wrong with the 
> certs, or something wrong with the client. Since it's the client 
> complaining, you'll need to debug the client.

There's nothing wrong with the certs, they work perfectly well with 

If you've got ideas for debugging an Amazon Paperwhite, I'd love to hear 
them !

> What is the client?

Amazon Paperwhite.  I'm broadly trying to follow the hints here 
(https://tribut.de/blog/amazon-kindle-and-eduroam/) although this isn't 
being connected to Eduroam.

More information about the Freeradius-Users mailing list