TLS Certificate error?

Alan DeKok aland at
Tue May 26 14:19:19 CEST 2015

On May 25, 2015, at 10:46 PM, Scott A. Johnson <scott.a.johnson at> wrote:
> I’m using version 2.2.0 which is installed with Mac OS X 10.10.3.  Trying to get EAP-TLS working.  I *think* I have my certificates installed, and permissions set correctly, however my clients can’t connect and the error, best I can tell, is certificate based as I receive the error “certificate signature failure”.  Where I’m not sure is if this means I have something wrong with my public/private key, an error in my config files with FreeRadius, or something else entirely.  

  Magic... deep magic.

  Not really, but sometimes SSL feels like that.

> --> verify error:num=7:certificate signature failure 
> [tls] >>> TLS 1.0 Alert [length 0002], fatal decrypt_error  
> TLS Alert write:fatal:decrypt error

  That's not good.  I've seen it from time to time, and honestly... it's not clear what's going on.  I'm not familiar enough with the SSL internals to say.

  Try using the fake certificates in raddb/certs/.  If those don't work, then the system is broken.  Something in the client, or OpenSSL, or 2.2.0.  If those certificates do work, then the certificates you're using are broken somehow.

  Alan DeKok.

More information about the Freeradius-Users mailing list