Migrating to a new server from 2.x to 3.0.4 CentOS 7
Kris Armstrong
kris.armstrong at me.com
Wed Jul 1 22:58:36 CEST 2015
Hi,
I have migrated my root CA and free radius configs from FreeRadius 2.x to 3.0.4 on CentOS7. I’m receiving the following messages when attempting to authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect.
I have tried to recreate the ROOT CA and Client cert but that produces the same error message. I’m not sure where to go from here.
(6) eap_tls : <<< TLS 1.0 Handshake [length 03d4], Certificate
--> verify error:num=20:unable to get local issuer certificate
(6) ERROR: eap_tls : SSL says error 20 : unable to get local issuer certificate
(6) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
(6) ERROR: eap_tls : TLS Alert write:fatal:unknown CA
tls: TLS_accept: Error in SSLv3 read client certificate B
(6) ERROR: eap_tls : SSL says: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
(6) eap_tls : eaptls_process returned 4
(6) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module failed
(6) eap : Failed in EAP select
(6) [eap] = invalid
(6) } # authenticate = invalid
More information about the Freeradius-Users
mailing list