EAP-TLS / OpenSSL Debug Output

Alan DeKok aland at deployingradius.com
Wed May 27 23:30:02 CEST 2015

On May 27, 2015, at 11:13 AM, Ben Humpert <ben at an3k.de> wrote:
> The client certificate is signed by the same CA (Signing CA) that also
> signed the server certificate. If I specify the Signing CA cert in
> ca_file and try to connect with Android (with the Signing CA cert
> specified) I get the 'unknown CA' error. If I disable ca certificate
> in Android I get


  Test it with eapol_test.  Odds are it will work.

  Then ask Android why their supplicant doesn't work.

> In my raddb/certs directory I have the SigningCA.crt, the RootCA.crt,
> radius.crt (specified as certificate_file), radius.key
> (private_key_file) and ChainedCA.crt (ca_file).

  That should be fine.

  But vendors are well known for brutally destroying protocols so that they don't work.

  Alan DeKok.

More information about the Freeradius-Users mailing list