Freeradius with Docker - got Unknown CA error
Alan DeKok
aland at deployingradius.com
Fri Aug 9 02:29:44 CEST 2019
On Aug 8, 2019, at 8:13 PM, Jiuyu Sun <sunjiuyu at gmail.com> wrote:
>
> I have a working radiusd.conf which can do EAP-TLS authentication. I am
> able to run the FreeRadius server in Ubuntu directly. Now I am trying to
> get the FreeRadius server running in Docker and upload it to GCP. However,
> with the same radiusd.conf, I got the error "TLS Alert read:fatal:unknown
> CA".
>
> In my radiusd.conf, I have something like:

That's all standard in the default configuration files.

> In my Dockerfile, I first have something like:
> WORKDIR /radius
> COPY radiusd.conf /radius
> COPY certs/ /radius/certs

That should work. See also:

https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/scripts/docker

There are pre-built docker scripts for v3, and for the major Linux distributions.

> (4) eap_tls: <<< recv TLS 1.2 [length 0002]
> (4) eap_tls: ERROR: TLS Alert read:fatal:unknown CA
> (4) eap_tls: TLS_accept: Need to read more data: error
> (4) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL
> routines:ssl3_read_bytes:tlsv1 alert unknown ca

That's a message from the supplicant. You configured the CA on FreeRADIUS, but not on the supplicant.

Add the CA to the supplicant and it should work.

Alan DeKok.
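
The read/write direction in the alert line is what identifies the supplicant as the sender. The following triage script is an added example, not part of the thread or of FreeRADIUS: it classifies alert lines in debug output by sender and decodes the OpenSSL 1.x error code. The function names and the "write" sample line are constructed for illustration.

```python
import re

# Certificate-related TLS alert numbers (RFC 5246, section 7.2).
ALERTS = {42: "bad_certificate", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}

ALERT_RE = re.compile(r"TLS Alert (read|write):(\w+):(.+?)\s*$")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")  # OpenSSL 1.x packed error code

def alert_from_error_code(line):
    """Name the TLS alert carried in an OpenSSL 1.x error code, or None."""
    m = ERR_RE.search(line)
    if not m:
        return None
    reason = int(m.group(1), 16) & 0xFFF   # low 12 bits hold the reason code
    return ALERTS.get(reason - 1000)       # peer alerts are stored as 1000 + alert number

def triage(lines):
    """Return one finding per TLS alert line, naming who sent the alert."""
    findings = []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        direction, level, text = m.groups()
        if direction == "read":
            # The server read this alert, so the supplicant rejected the server's chain.
            sender, fix = "supplicant", "add the server's CA to the supplicant"
        else:
            # The server wrote this alert, so it rejected the client's chain.
            sender, fix = "server", "check the CA the server uses to verify clients"
        findings.append({"sender": sender, "level": level, "alert": text, "fix": fix})
    return findings

# The first three lines are from the thread (wrapped line rejoined); the last is constructed.
SAMPLE = [
    "(4) eap_tls: <<< recv TLS 1.2  [length 0002]",
    "(4) eap_tls: ERROR: TLS Alert read:fatal:unknown CA",
    "(4) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL "
    "routines:ssl3_read_bytes:tlsv1 alert unknown ca",
    "(7) eap_tls: ERROR: TLS Alert write:fatal:unknown CA",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['level']} '{f['alert']}' sent by {f['sender']}: {f['fix']}")
    print("error code alert:", alert_from_error_code(SAMPLE[2]))
```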