Migrating to a new server from 2.x to 3.0.4 CentOS 7
Jorge Pereira
jpereiran at gmail.com
Wed Jul 1 23:12:27 CEST 2015
Please,
try the 3.0.8 or build from the HEAD
--
Jorge Pereira
On Wed, Jul 1, 2015 at 5:58 PM, Kris Armstrong <kris.armstrong at me.com>
wrote:
> Hi,
>
> I have migrated my root CA and free radius configs from FreeRadius 2.x to
> 3.0.4 on CentOS7. I’m receiving the following messages when attempting to
> authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect.
>
> I have tried to recreate the ROOT CA and Client cert but that produces the
> same error message. I’m not sure where to go from here.
>
> (6) eap_tls : <<< TLS 1.0 Handshake [length 03d4], Certificate
> --> verify error:num=20:unable to get local issuer certificate
> (6) ERROR: eap_tls : SSL says error 20 : unable to get local issuer
> certificate
> (6) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
> (6) ERROR: eap_tls : TLS Alert write:fatal:unknown CA
> tls: TLS_accept: Error in SSLv3 read client certificate B
> (6) ERROR: eap_tls : SSL says: error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> SSL: SSL_read failed in a system call (-1), TLS session fails.
> TLS receive handshake failed during operation
> (6) eap_tls : eaptls_process returned 4
> (6) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module
> failed
> (6) eap : Failed in EAP select
> (6) [eap] = invalid
> (6) } # authenticate = invalid
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list