Radius Server and Radsecproxy Certificate problem
Alan DeKok
aland at deployingradius.com
Sun Jan 4 20:52:58 CET 2015
On Jan 4, 2015, at 12:22 PM, Ankit Prajapati <prajapati.ankit85 at gmail.com> wrote:
> I am trying to set up radsec using freeradius version 3.0.3.
You should upgrade to 3.0.6. It won’t fix this issue, but it’s generally better.
> I have generated self-signed certificate on my freeradius server using openssl commands. I have generated CA, client, server, and using same certificate for radsecProxy
Your certificates are wrong. The debug output shows this.
>
> (0) <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
> (0) ERROR: TLS Alert read:fatal:unknown CA
> (0) ERROR: TLS_accept: Failed in SSLv3 read client certificate A
That’s pretty clear. The client certificate being presented by radsecproxy is signed by a CA. FreeRADIUS doesn’t know anything about that CA.
You need to use ONE CA certificate. Put that on both systems. Then, use that CA to create a server certificate. Put that on FreeRADIUS. Then, use that CA to create a client certificate. Put that on radsecproxy.
Alan DeKok.
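
The one-CA layout described in the reply above, as an added example that is not part of the original message and is not code from FreeRADIUS or radsecproxy. It builds one CA, issues a server and a client certificate from it, and shows that a certificate from a second, unrelated CA fails verification. All file names, subject names, key sizes and lifetimes are constructed assumptions.

```shell
#!/bin/sh
# Added example. File names and subject names below are constructed.
set -eu

# Create a self-signed CA: $1 = file prefix, $2 = common name.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a certificate signed by a CA: $1 = CA prefix, $2 = cert prefix, $3 = CN.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 365 -out "$2.pem" 2>/dev/null
}

# Return 0 only if certificate $2 chains to CA $1.
chains_to() {
    openssl verify -CAfile "$1.pem" "$2.pem" >/dev/null 2>&1
}

# Print what a peer that trusts only CA $1 does with certificate $2.
report() {
    if chains_to "$1" "$2"; then
        echo "$2 checked against $1: accepted"
    else
        echo "$2 checked against $1: rejected, issuer is not a known CA"
    fi
}

cd "$(mktemp -d)"

# The ONE CA. radsec-ca.pem is copied to both systems; radsec-ca.key is not.
make_ca radsec-ca "Example RadSec CA"
issue_cert radsec-ca server "radius.example.org"   # installed on FreeRADIUS
issue_cert radsec-ca client "proxy.example.org"    # installed on radsecproxy

# A second CA stands in for the mismatched setup that ends in unknown_ca.
make_ca other-ca "Unrelated CA"
issue_cert other-ca stray "proxy.example.org"

report radsec-ca server
report radsec-ca client
report radsec-ca stray
```

Running the same `openssl verify -CAfile` check against the certificate files actually deployed on each system shows whether both sides chain to the same CA before any TLS connection is attempted.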
More information about the Freeradius-Users
mailing list