Wild Card GoDaddy cert

Alan DeKok aland at deployingradius.com
Fri May 23 16:56:49 CEST 2014

Ryan De Kock wrote:
> I have a wildcard cert from godaddy.com.
> I have tested the cert on Microsoft NPS & IAS and it works fine.

  The issue isn't the server.  It's the client.

> I'm sure it will work in freeradius too, however I can't figure it out.
> I have godaddy.crt bundl.e.crt & godaddy.key.
> I have added these to freeradius however it does work.
> This is what windows does when I don't validate certificates
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>   TLS Length 37
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied 
> TLS Alert read:fatal:access denied

  That is the client saying it didn't like the certificate from the server.

> So Im not sure if its got to do with no using the cert chain or what I'm
> doing wrong but would appreciate any guidance

  You need to include ALL of the certs in the chain.  This includes the
godaddy CA cert.

  Try "openssl verify" on the godaddy certificate.  If it gives errors,
that's the problem.

  Alan DeKok.

More information about the Freeradius-Users mailing list