[ttls] <<< TLS 1.0 Alert [length 0002], fatal bad_certificate

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Sat Mar 1 10:33:09 CET 2014

What's the client?  Its not just a case of putting the root/intermediate CA onto the client. .. its WHERE you put it on the client and trust settings for the certs.
You need to ensure that the server cert has required extensions in it (some new clients are even fussier eg windows phone which needs CRLDP too!) . You also need to make sure your freeradius server is actually serving out the server/root certs that you think it is and that the certs are still valid (!) 
What happens if you run the tests locally with eapol_test (from wpa_supplicant package) using config that can be adapted from the conf files available in the src/tests directory of the freeradius source code?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140301/9a77b2a5/attachment.html>

More information about the Freeradius-Users mailing list