Server certificate confusion
Alan DeKok
aland at deployingradius.com
Tue Apr 17 14:55:05 CEST 2018
On Apr 17, 2018, at 5:24 AM, Nick Howitt <nick at howitts.co.uk> wrote:
>
> Replying to my own post.
>
> There was a permission problem which I've now fixed, but I still get failure:
> eapol_test:
>
> (6) eap_tls: ERROR: SSL says error 26 : unsupported certificate
> purpose
That means that the certificate hierarchy is wrong. i.e. cert A has created cert B, but cert A doesn't have OIDs which say it's allowed to create sub-certificates.
Newer versions of OpenSSL check these settings. Older versions of OpenSSL didn't do that.
How did you create the certificates? The scripts in the raddb/certs directory should work, so using those would probably help.
Alan DeKok.
More information about the Freeradius-Users
mailing list