Failed in SSLv3 read client certificate A

Michael Martinez mwtzzz at gmail.com
Wed Jun 22 20:18:11 CEST 2016


On Wed, Jun 22, 2016 at 10:44 AM, Alan DeKok <aland at deployingradius.com> wrote:
> On Jun 22, 2016, at 1:16 PM, Michael Martinez <mwtzzz at gmail.com> wrote:
>   That's not *quite* what it says:
>
> http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/iOS-OSX-Security-Changes-and-ClearPass/td-p/247291
>
>  ... It turns out that if you use a ClearPass-signed RADIUS certificate and you do not specify https as the certificate type when you sign the CSR, ...
>
>   I haven't seen any problems with iOS.

>   My guess is that you created a server certifcate without the xpextensions file.  i.e. printing a *good* certificate gets me:
>
> ...
>         X509v3 extensions:
>             X509v3 Extended Key Usage:
>                 TLS Web Server Authentication
>             X509v3 CRL Distribution Points:
>                 URI:http://www.example.com/example_ca.crl
> ...
>
>   Your server certificate is probably missing those extensions.

I'm using the Makefile which is included in the
freeradius/examples/certs folder, and it already includes
xpextensions. Here's what I see when I double-check my server.crt:
       X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://www.example.com/example_ca.crl

Any other thoughts or suggestions?


More information about the Freeradius-Users mailing list