RADSEC testing with FR 3.1

Alex Sharaz alex.sharaz at york.ac.uk
Fri Dec 9 16:51:53 CET 2016


As you said, must be something to do with how certs configured ... can't
see it yet though


On 9 December 2016 at 15:46, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:

> That's what I thought as well. Configured 1 file with cert + intermediate
> CA + root ca in that order, using it at each end
> A
>
> On 9 December 2016 at 15:18, Alan DeKok <aland at deployingradius.com> wrote:
>
>> On Dec 9, 2016, at 6:10 AM, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
>> >
>> > o.k back to 3.0\
>> > Fri Dec  9 10:49:55 2016 : Debug: (0) <<< recv TLS 1.2  [length 0002]
>> > Fri Dec  9 10:49:55 2016 : ERROR: (0) TLS Alert read:fatal:unknown CA
>>
>>   That seems important.
>> >
>>
>> > Fri Dec  9 10:49:55 2016 : Debug: (0) Creating attributes from
>> certificate
>> > OIDs
>> > Fri Dec  9 10:49:55 2016 : ERROR: (0)   SSL says error 19 : self signed
>> > certificate in certificate chain
>> > Fri Dec  9 10:49:55 2016 : Debug: (0) >>> send TLS 1.2  [length 0002]
>> > Fri Dec  9 10:49:55 2016 : ERROR: (0) TLS Alert write:fatal:unknown CA
>>
>>   And that seems important.
>>
>>   Your certificates aren't configured correctly.
>>
>>   Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
>> /users.html
>>
>
>


More information about the Freeradius-Users mailing list