Wild Card GoDaddy cert

Alan DeKok aland at deployingradius.com
Fri May 23 16:56:49 CEST 2014


Ryan De Kock wrote:
> I have a wildcard cert from godaddy.com.
> 
> I have tested the cert on Microsoft NPS & IAS and it works fine.

  The issue isn't the server.  It's the client.

> I'm sure it will work in freeradius too, however I can't figure it out.
> 
> I have godaddy.crt bundl.e.crt & godaddy.key.
> 
> I have added these to freeradius however it does work.
> 
> This is what Windows does when I don't validate certificates
> 
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>   TLS Length 37
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied 
> TLS Alert read:fatal:access denied

  That is the client saying it didn't like the certificate from the server.

> So I'm not sure if it's got to do with not using the cert chain or what I'm
> doing wrong but would appreciate any guidance

  You need to include ALL of the certs in the chain.  This includes the
godaddy CA cert.

  Try "openssl verify" on the godaddy certificate.  If it gives errors,
that's the problem.

  Alan DeKok.
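
Added example (not part of the original post, and not FreeRADIUS or GoDaddy material): a shell script that builds a constructed three-level test PKI and runs "openssl verify" on a wildcard certificate with and without the intermediate, reproducing the check suggested above. All subject names, file names and the example.test domain are made up for the example; a reasonably recent OpenSSL (1.1.0 or later) is assumed.

```shell
#!/bin/sh
# Constructed test PKI: root CA -> intermediate CA -> wildcard server cert.
# Every name and file here is made up for illustration.
set -eu

build_chain() (   # $1 = empty working directory; runs in a subshell
    cd "$1"
    # Minimal config so the result does not depend on the system openssl.cnf
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' \
        '[srv]' 'subjectAltName=DNS:*.example.test' > pki.cnf
    # Self-signed root: the only certificate the client trusts
    openssl req -config pki.cnf -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Test Root CA" -keyout root.key -out root.crt 2>/dev/null
    # Intermediate CA, signed by the root
    openssl req -config pki.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=Test Intermediate CA" -keyout int.key -out int.csr 2>/dev/null
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -days 2 -extfile pki.cnf -extensions ca -out int.crt 2>/dev/null
    # Wildcard server certificate, signed by the intermediate
    openssl req -config pki.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=*.example.test" -keyout server.key -out server.csr 2>/dev/null
    openssl x509 -req -in server.csr -CA int.crt -CAkey int.key -CAcreateserial \
        -days 2 -extfile pki.cnf -extensions srv -out server.crt 2>/dev/null
)

# Client trusts the root and is handed only the server certificate.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.crt" "$1/server.crt" 2>&1 | grep -q ': OK$'
}

# Same client, but the intermediate is supplied as an untrusted chain cert,
# which is what a server sending the full chain provides.
verify_with_chain() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" \
        "$1/server.crt" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_chain "$work"
if verify_leaf_only "$work"; then echo "leaf only: OK"
else echo "leaf only: FAILED (issuer not found, chain incomplete)"; fi
if verify_with_chain "$work"; then echo "leaf + intermediate: OK"
else echo "leaf + intermediate: FAILED"; fi
```
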

