eap_peap: TLS Alert read:fatal:unknown CA
Alan DeKok
aland at deployingradius.com
Thu Sep 14 20:15:40 CEST 2017
On Sep 14, 2017, at 2:12 PM, Nicolás Guerra <ngr at vera.com.uy> wrote:
>
> Hello everybody,
> I didn't find a thread with exactly my problem, so I start a new thread.
We generally recommend starting new threads.
> I'm having problem with new certs in my freeradius server.
>
> I did what README file but didn't work for me.
Follow my guide:
http://deployingradius.com/
> up to here, everything seems right.
> but when I start service, in service log I see this:
>
>
> Thu Sep 14 14:09:13 2017 : ERROR: (4) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
> Thu Sep 14 14:09:13 2017 : ERROR: (4) eap_peap: ERROR: TLS_accept: Failed in SSLv3 read client key exchange A
> Thu Sep 14 14:09:13 2017 : ERROR: (4) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read)
> Thu Sep 14 14:09:13 2017 : Auth: (4) Login incorrect (eap_peap: TLS Alert read:fatal:unknown CA): [usuario] (from client wrtnicolas.fder port 1 cli 28-56-5A-0B-6D-83)
That is likely a different client machine. And one which doesn't have the CA certificate installed.
> any help will be wellcome.
Install the CA certificate on all client machines which need to authenticate.
Alan Dekok.
More information about the Freeradius-Users
mailing list