Wild Card GoDaddy cert

Rui Ribeiro ruyrybeyro at gmail.com
Fri May 23 17:29:47 CEST 2014


Hi Ryan,

As far as I remember, Windows does not support wildcard certificates.

Regards


> Message: 5
> Date: Fri, 23 May 2014 16:48:41 +0200
> From: Ryan De Kock <ryandekock1988 at gmail.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Wild Card GoDaddy cert
> Message-ID: <CANek+E1Fm+_zWfbcyz2Nuax+BXp2O7czOteSXoNq09xfi7p6JA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> I have a wildcard cert from godaddy.com.
>
> I have tested the cert on Microsoft NPS & IAS and it works fine.
>
> I'm sure it will work in freeradius too, however I can't figure it out.
>
> I have godaddy.crt, bundl.e.crt & godaddy.key.
>
> I have added these to freeradius however it does work.
>
> This is what Windows does when I don't validate certificates:
>
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>   TLS Length 37
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
> TLS Alert read:fatal:access denied
> [peap] WARNING: No data inside of the tunnel.
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state ?
> [peap] FAILED processing PEAP: Tunneled data is invalid.
> [eap] Handler failed in EAP/peap
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> } # server Cerebus
>
> This is a successful auth on my Linux client:
>
>
>
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state send tlv success
> [peap] Received EAP-TLV response.
> [peap] Success
> [eap] Freeing handler
> ++[eap] returns ok
>
>
> tls {
>         certdir = ${confdir}/certs
>         cadir = ${confdir}/certs
>         private_key_file = ${certdir}/godaddy.key
>         certificate_file = ${certdir}/godaddy.crt
>         dh_file = ${certdir}/dh
>         random_file = ${certdir}/random
> }
>
>
> So I'm not sure if it's got to do with not using the cert chain or what I'm
> doing wrong, but would appreciate any guidance.