Wild Card GoDaddy cert

Ryan De Kock ryandekock1988 at gmail.com
Fri May 23 16:48:41 CEST 2014


Hi,

I have a wildcard cert from godaddy.com.

I have tested the cert on Microsoft NPS & IAS and it works fine.

I'm sure it will work in freeradius too, however I can't figure it out.

I have godaddy.crt bundl.e.crt & godaddy.key.

I have added these to freeradius however it does work.

This is what windows does when I don't validate certificates

[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 37
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
[peap] WARNING: No data inside of the tunnel.
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state ?
[peap] FAILED processing PEAP: Tunneled data is invalid.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server Cerebus

This is a successfull auth on my linux client



[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok


                tls {

                           certdir = ${confdir}/certs
                           cadir = ${confdir}/certs
                        private_key_file = ${certdir}/godaddy.key
                        certificate_file = ${certdir}/godaddy.crt
                        dh_file = ${certdir}/dh
                        random_file = ${certdir}/random
}


So Im not sure if its got to do with no using the cert chain or what I'm
doing wrong but would appreciate any guidance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/f44e9846/attachment.html>


More information about the Freeradius-Users mailing list