After Upgrade from freeradius 2 to 3 (Debian 8 - 9): TLS Alert write:fatal:unsupported certificate
lytboris at yandex-team.ru
Wed Dec 20 07:41:50 CET 2017
On 19.12.2017 20:48, Alan DeKok wrote:
> If it can't verify the CA or server cert, OpenSSL fails, and we never get to check the client cert.
> When the client cert gets printed, the fields get printed as "TLS-Client-Cert-Serial", not as "TLS-Cert-Serial"
Hmm. There is no TLS-Client-Cert-Serial in the debug log indeed. So
you're saying that
1) FR gets client cert from the client (not a full chain in our case,
2) FR tries to check full cert chain and OpenSSL finds the issuer of
that client cert has wrong OIDs and raise an error flag.
+7 (495) 739 70 00 ext. 7671
More information about the Freeradius-Users