help seeing more debugging EAP-TTLS handshake

A.L.M.Buxey at A.L.M.Buxey at
Fri Sep 25 16:01:21 CEST 2015


> My problem with the Macs is figuring out what they do not like about the
> server certificate.

can you provide your server cert?

Macs will care about things like

is it SHA1 or SHA256 (and not MD5)  - is the CA SHA1 or SHA256 too? 

does the server cert have CA = false  or can the server cert be a CA too? (CA = True) - ie no contraints

does the server cert have a Common Name and a SubjectAltName by the way?

it could be TLS negoitation failing - if the cipher method is DH-based - whats the size
of your DH key - needs to be 1024bit or more

start with those


More information about the Freeradius-Users mailing list