Wild Card GoDaddy cert
Ryan De Kock
ryandekock1988 at gmail.com
Fri May 23 16:48:41 CEST 2014
Hi,
I have a wildcard cert from godaddy.com.
I have tested the cert on Microsoft NPS & IAS and it works fine.
I'm sure it will work in freeradius too, however I can't figure it out.
I have godaddy.crt bundl.e.crt & godaddy.key.
I have added these to freeradius however it does work.
This is what windows does when I don't validate certificates
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 37
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
[peap] WARNING: No data inside of the tunnel.
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state ?
[peap] FAILED processing PEAP: Tunneled data is invalid.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server Cerebus
This is a successfull auth on my linux client
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_file = ${certdir}/godaddy.key
certificate_file = ${certdir}/godaddy.crt
dh_file = ${certdir}/dh
random_file = ${certdir}/random
}
So Im not sure if its got to do with no using the cert chain or what I'm
doing wrong but would appreciate any guidance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/f44e9846/attachment.html>
More information about the Freeradius-Users
mailing list