problem with CA certificate using mschapv2

Matthew Newton mcn4 at
Wed Jan 21 12:26:48 CET 2015

On Wed, Jan 21, 2015 at 11:10:23AM +0100, marcos wrote:
> TLS Alert read:fatal:unknown CA
>     TLS_accept: failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
> SSL: SSL_read failed inside of TLS (-1), TLS session fails.

The client has got a problem with the CA.

> Looking radiusd.conf all seems to be correct, but Im using TERENA CA and
> Im not sure which CA is the correct. Somebody knows how to concret the
> error? Is not reading CA? CA is not valid?

Is the CA cert (and all intermediate certs) installed on the

If the intermediate certs are not installed on the client, are you
sending them (in the right order) from the server?


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list