EAP-TLS / OpenSSL Debug Output
Alan DeKok
aland at deployingradius.com
Wed May 27 23:30:02 CEST 2015
On May 27, 2015, at 11:13 AM, Ben Humpert <ben at an3k.de> wrote:
> The client certificate is signed by the same CA (Signing CA) that also
> signed the server certificate. If I specify the Signing CA cert in
> ca_file and try to connect with Android (with the Signing CA cert
> specified) I get the 'unknown CA' error. If I disable ca certificate
> in Android I get
Errors.
Test it with eapol_test. Odds are it will work.
Then ask Android why their supplicant doesn't work.
> In my raddb/certs directory I have the SigningCA.crt, the RootCA.crt,
> radius.crt (specified as certificate_file), radius.key
> (private_key_file) and ChainedCA.crt (ca_file).
That should be fine.
But vendors are well known for brutally destroying protocols so that they don't work.
Alan DeKok.
More information about the Freeradius-Users
mailing list