ERROR: SSL says error 7 : certificate signature failure
craig
craig at mypenguin.net.au
Wed Jun 29 04:04:46 CEST 2016
Hi,
802.1x Authentication with EAP-TLS, works perfectly with a Centos
client, however not from a Cisco IP Phone.
Basic Specs For Server;
* Centos 7.2 x64
* freeradius-3.0.11
* Communicating through a Dell N3000 switch.
* Cisco 7945 IP Phone
I'm just after advice on how to solve the "certificate signature
failure" error?
Error:
(3) eap_tls: Creating attributes from certificate OIDs
(3) eap_tls: TLS-Cert-Serial := "01"
(3) eap_tls: TLS-Cert-Expiration := "190622025857Z"
(3) eap_tls: TLS-Cert-Subject := "/CN=ios-ca"
(3) eap_tls: TLS-Cert-Issuer := "/CN=ios-ca"
(3) eap_tls: TLS-Cert-Common-Name := "ios-ca"
(3) eap_tls: Creating attributes from certificate OIDs
(3) eap_tls: TLS-Client-Cert-Serial := "02"
(3) eap_tls: TLS-Client-Cert-Expiration := "190622025857Z"
(3) eap_tls: TLS-Client-Cert-Subject := "/CN=SEP20BBC092DE1D"
(3) eap_tls: TLS-Client-Cert-Issuer := "/CN=ios-ca"
(3) eap_tls: TLS-Client-Cert-Common-Name := "SEP20BBC092DE1D"
---> (3) eap_tls: ERROR: SSL says error 7 : certificate signature
failure <-------
(3) eap_tls: >>> send TLS 1.0 Alert [length 0002], fatal decrypt_error
(3) eap_tls: ERROR: TLS Alert write:fatal:decrypt error
tls: TLS_accept: Error in SSLv3 read client certificate B
(3) eap_tls: ERROR: SSL says: error:0D0C50A1:asn1 encoding
routines:ASN1_item_verify:unknown message digest algorithm
(3) eap_tls: ERROR: SSL_read failed inside of TLS (-1), TLS session
failed
(3) eap_tls: ERROR: TLS receive handshake failed during operation
(3) eap_tls: ERROR: [eaptls process] = fail
(3) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module
failed
Regards,
Craig
More information about the Freeradius-Users
mailing list