Failed in SSLv3 read client certificate A
mwtzzz at gmail.com
Wed Jun 22 20:18:11 CEST 2016
On Wed, Jun 22, 2016 at 10:44 AM, Alan DeKok <aland at deployingradius.com> wrote:
> On Jun 22, 2016, at 1:16 PM, Michael Martinez <mwtzzz at gmail.com> wrote:
> That's not *quite* what it says:
> ... It turns out that if you use a ClearPass-signed RADIUS certificate and you do not specify https as the certificate type when you sign the CSR, ...
> I haven't seen any problems with iOS.
> My guess is that you created a server certifcate without the xpextensions file. i.e. printing a *good* certificate gets me:
> X509v3 extensions:
> X509v3 Extended Key Usage:
> TLS Web Server Authentication
> X509v3 CRL Distribution Points:
> Your server certificate is probably missing those extensions.
I'm using the Makefile which is included in the
freeradius/examples/certs folder, and it already includes
xpextensions. Here's what I see when I double-check my server.crt:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 CRL Distribution Points:
Any other thoughts or suggestions?
More information about the Freeradius-Users