Failed in SSLv3 read client certificate A
Michael Martinez
mwtzzz at gmail.com
Wed Jun 22 20:18:11 CEST 2016
On Wed, Jun 22, 2016 at 10:44 AM, Alan DeKok <aland at deployingradius.com> wrote:
> On Jun 22, 2016, at 1:16 PM, Michael Martinez <mwtzzz at gmail.com> wrote:
> That's not *quite* what it says:
>
> http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/iOS-OSX-Security-Changes-and-ClearPass/td-p/247291
>
> ... It turns out that if you use a ClearPass-signed RADIUS certificate and you do not specify https as the certificate type when you sign the CSR, ...
>
> I haven't seen any problems with iOS.
> My guess is that you created a server certifcate without the xpextensions file. i.e. printing a *good* certificate gets me:
>
> ...
> X509v3 extensions:
> X509v3 Extended Key Usage:
> TLS Web Server Authentication
> X509v3 CRL Distribution Points:
> URI:http://www.example.com/example_ca.crl
> ...
>
> Your server certificate is probably missing those extensions.
I'm using the Makefile which is included in the
freeradius/examples/certs folder, and it already includes
xpextensions. Here's what I see when I double-check my server.crt:
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.com/example_ca.crl
Any other thoughts or suggestions?
More information about the Freeradius-Users
mailing list