Migrating to a new server from 2.x to 3.0.4 CentOS 7
Kris Armstrong
kris.armstrong at me.com
Wed Jul 1 23:46:42 CEST 2015
There are no intermediate its a single Root CA and it is set
My EAP file TLS Section
I’ve commented out all but 2048ca.pem my client.pem is signed by but no difference.
ca_file = ${cadir}/ca.pem
# Customer CA Files:
ca_file = ${cadir}/00374255/root_ca.pem
# FNET CA Files:
ca_file = ${cadir}/fnetCerts/CA/pem/512ca.pem
ca_file = ${cadir}/fnetCerts/CA/pem/768ca.pem
ca_file = ${cadir}/fnetCerts/CA/pem/1024ca.pem
ca_file = ${cadir}/fnetCerts/CA/pem/1280ca.pem
ca_file = ${cadir}/fnetCerts/CA/pem/1536ca.pem
ca_file = ${cadir}/fnetCerts/CA/pem/1792ca.pem
ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
ca_file = ${cadir}/fnetCerts/CA/pem/4096ca.pem
ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
> On Jul 1, 2015, at 3:20 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>> On Jul 1, 2015, at 4:58 PM, Kris Armstrong <kris.armstrong at me.com> wrote:
>>
>> Hi,
>>
>> I have migrated my root CA and free radius configs from FreeRadius 2.x to 3.0.4 on CentOS7. I’m receiving the following messages when attempting to authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect.
>>
>> I have tried to recreate the ROOT CA and Client cert but that produces the same error message. I’m not sure where to go from here.
>
> Looks like you've not set ca_file? Or it doesn't contain all the intermediaries (you need to concat them into the same file).
>
> -Arran
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list