AW: AW: AW: After Upgrade from freeradius 2 to 3 (Debian 8 - 9): TLS Alert write:fatal:unsupported certificate

[Gladewitz, Robert]

If I understand this logs rights, the error happening on ca certificate?

...
Mon Dec 18 14:41:44 2017 : Debug: (2) eap_tls:   TLS-Cert-Subject := 
"/C=DE/O=Deutsches BiomasseForschungsZentrum gemeinnuetzige 
GmbH/OU=IT/CN=CAPF-1b0db5b4/ST=Sachsen/L=Leipzig"
Mon Dec 18 14:41:44 2017 : Debug: (2) eap_tls:   TLS-Cert-Issuer := 
"/C=DE/O=Deutsches BiomasseForschungsZentrum gemeinnuetzige 
GmbH/OU=IT/CN=CAPF-1b0db5b4/ST=Sachsen/L=Leipzig"

Mon Dec 18 14:41:44 2017 : Debug: (2) eap_tls:   TLS-Cert-Common-Name := 
"CAPF-1b0db5b4"
Mon Dec 18 14:41:44 2017 : ERROR: (2) eap_tls:   SSL says error 26 : 
unsupported certificate purpose
Mon Dec 18 14:41:44 2017 : Debug: Ignoring cbtls_msg call with pseudo content 
type 256, version 0
Mon Dec 18 14:41:44 2017 : Debug: (2) eap_tls: >>> send TLS 1.0 Alert [length 
0002], fatal unsupported_certificate

Mon Dec 18 14:41:44 2017 : ERROR: (2) eap_tls: TLS Alert 
write:fatal:unsupported certificate
Mon Dec 18 14:41:44 2017 : Error: tls: TLS_accept: Error in error
Mon Dec 18 14:41:44 2017 : ERROR: (2) eap_tls: Failed in __FUNCTION__ 
(SSL_read): ../ssl/statem/statem_srvr.c[2896]:error:1417C086:SSL 
routines:tls_process_client_certificate:certificate verify failed

Mon Dec 18 14:41:44 2017 : ERROR: (2) eap_tls: System call (I/O) error (-1)
...

Robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CAPF (2).pem
Type: application/octet-stream
Size: 1106 bytes
Desc: CAPF (2).pem
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20171219/29f85573/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6245 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20171219/29f85573/attachment.bin>