Beginner help

KAVYA PRABHAKAR kavyamelinmaneprabhakar at gmail.com
Thu Oct 16 10:32:11 CEST 2014


Hi,

I generated a .csr using the openssl command and used this CSR to generate a
CA-signed certificate. I installed this CA-signed certificate under the trusted
root of the server. But when I run freeradius in debug mode, I get the
following error:

(0) <<< TLS 1.0 Handshake [length 0208], Certificate
--> verify error:num=20:unable to get local issuer certificate
(0) ERROR: SSL says error 20 : unable to get local issuer certificate
(0) >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
(0) ERROR: SSL says: TLS Alert write:fatal:unknown CA
(0) ERROR: SSL says:     TLS_accept: error in SSLv3 read client certificate B
(0) ERROR: SSL says: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
(0) FAILED in TLS handshake receive
Closing TLS socket from client port 1645
Client has closed connection
 ... shutting down socket auth from client (10.253.6.11, 1645) -> (*, 2083, virtual-server=default)

Debug says "fatal unknown_ca". I think I should be adding CA information
somewhere in the server. Could anybody please guide me on the same?
I would like to know where I am going wrong.

Thanks,
Kavya

On Thu, Oct 16, 2014 at 8:26 AM, KAVYA PRABHAKAR <
kavyamelinmaneprabhakar at gmail.com> wrote:

> Hi,
>
> Thanks for the help.
> I am able to open 2083 tcp port.
> I have a RADIUS client which sends requests to the freeradius server. Before
> sending a request to the server, it creates a TCP\TLS connection with it.
> The TCP connection is getting established and during the TLS handshake, the
> server throws the following error:
>
> (0) <<< TLS 1.0 Handshake [length 025c], Certificate
> --> verify error:num=18:self signed certificate
> (0) ERROR: SSL says error 18 : self signed certificate
> (0) >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
> (0) ERROR: SSL says: TLS Alert write:fatal:unknown CA
> (0) ERROR: SSL says:     TLS_accept: error in SSLv3 read client certificate B
> (0) ERROR: SSL says: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> SSL: SSL_read failed in a system call (-1), TLS session fails.
> (0) FAILED in TLS handshake receive
> Closing TLS socket from client port 1645
> Client has closed connection
>  ... shutting down socket auth from client (10.253.6.11, 1645) -> (*, 2083, virtual-server=default)
> Waking up in 2.9 seconds.
> ... cleaning up socket auth from client (10.253.6.11, 1645) -> (*, 2083, virtual-server=default)
>
> Looking at the debugs, I think the server expects client certificate
> information as well. Does it work on MTLS (mutual TLS)?
> I am using a self-signed certificate generated by ubuntu (where the server is
> installed) and using the same in the tls file.
> The same certificate is put under the trusted root in the client as well.
>
>
> Thanks,
> Kavya
>
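
Added example (not part of the original post and not FreeRADIUS project code): the two verify errors in the debug output above, num=20 and num=18, reproduced with `openssl verify` on throwaway certificates. Error 20 appears when the issuing CA of the presented certificate is not in the verifier's CA file, and error 18 when the presented certificate is itself self-signed and not trusted. All file and subject names are constructed, and an `openssl` binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: all file names and subject names are constructed.

# Build a throwaway PKI in directory $1: a demo CA, a client certificate
# signed by that CA via a CSR, and an unrelated self-signed certificate.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius-client.example" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=self-signed.example" \
        -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
}

# Print the X.509 verify error number for certificate $2 checked against
# CA file $1; prints 0 when the chain verifies.
verify_code() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    code=$(printf '%s\n' "$out" |
        sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then
        echo "$code"
    else
        case $out in *": OK"*) echo 0 ;; *) echo unknown ;; esac
    fi
}

demo=$(mktemp -d)
make_demo_pki "$demo"
# Issuing CA is in the CA file: the CA-signed client certificate verifies.
echo "client.pem against ca.pem:   $(verify_code "$demo/ca.pem" "$demo/client.pem")"
# Issuing CA is missing from the CA file: error 20.
echo "client.pem against self.pem: $(verify_code "$demo/self.pem" "$demo/client.pem")"
# Presented certificate is self-signed and not in the CA file: error 18.
echo "self.pem against ca.pem:     $(verify_code "$demo/ca.pem" "$demo/self.pem")"
rm -rf "$demo"
```

The same `openssl verify -CAfile` check can be run by hand with the CA file the verifying side is actually configured to use and the certificate the peer presents.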