Freeradius with Docker - got Unknown CA error
Jiuyu Sun
sunjiuyu at gmail.com
Fri Aug 9 02:51:18 CEST 2019
Thanks Alan for the quick response!

I am using eapol_test to send the request with the ca.pem, but still got
the Unknown CA error:

$ eapol_test -c eap-tls.conf -a 34.94.22.45 -s myRandomPass -o eap-tls.out

In my eap-tls.conf:

network={
    key_mgmt=WPA-EAP
    identity="myusername"
    proto=WPA2
    eap=TLS
    # The same ca.pem in Free Radius
    ca_cert="ca.pem"
    private_key="client.p12"
    private_key_passwd="clientpassword"
}

Thank you!

On Thu, Aug 8, 2019 at 5:30 PM Alan DeKok <aland at deployingradius.com> wrote:
> On Aug 8, 2019, at 8:13 PM, Jiuyu Sun <sunjiuyu at gmail.com> wrote:
> >
> > I have a working radiusd.conf which can do EAP-TLS authentication. I am
> > able to run the FreeRadius server in Ubuntu directly. Now I am trying to
> > make the FreeRadius server run in Docker and upload it to GCP. However,
> > with the same radiusd.conf, I got the error "TLS Alert read:fatal:unknown
> > CA".
> >
> > In my radiusd.conf, I have something like:
>
> That's all standard in the default configuration files.
>
> > In my Dockerfile, I first have something like:
> > WORKDIR /radius
> > COPY radiusd.conf /radius
> > COPY certs/ /radius/certs
>
> That should work. See also:
>
> https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/scripts/docker
>
> There are pre-built docker scripts for v3, and for the major Linux
> distributions.
>
> > (4) eap_tls: <<< recv TLS 1.2 [length 0002]
> > (4) eap_tls: ERROR: TLS Alert read:fatal:unknown CA
> > (4) eap_tls: TLS_accept: Need to read more data: error
> > (4) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL
> > routines:ssl3_read_bytes:tlsv1 alert unknown ca
>
> That's a message from the supplicant. You configured the CA on
> FreeRADIUS, but not on the supplicant.
>
> Add the CA to the supplicant and it should work.
>
> Alan DeKok.
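
An "unknown CA" alert from the supplicant means the certificate the server presented did not chain to the file named in ca_cert. The script below is an added example, not part of the thread: it shows that check with the openssl CLI (assumed to be installed) on throwaway certificates. The function names, file names and CNs are constructed for the demo, and the second CA stands in for any case where the server certificate was issued by a CA other than the one the supplicant holds.

```shell
#!/bin/sh
# Added example with constructed data: does a server certificate chain to
# the CA file the supplicant is configured with (ca_cert in eap-tls.conf)?

# Succeeds only if CERT_FILE verifies against CA_FILE.
chains_to() {      # chains_to CA_FILE CERT_FILE
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Create a throwaway self-signed CA: DIR/NAME.pem and DIR/NAME.key.
make_ca() {        # make_ca DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# Issue DIR/server.pem from the CA called NAME (overwrites any previous one).
issue_server() {   # issue_server DIR NAME
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" >/dev/null 2>&1
}

# Check the supplicant's CA file against a server cert from the same CA,
# then against a server cert issued by a different CA.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" client-ca     # the CA file handed to the supplicant
    make_ca "$d" other-ca      # hypothetical second CA on the server side
    issue_server "$d" client-ca
    chains_to "$d/client-ca.pem" "$d/server.pem" && same=match || same=mismatch
    issue_server "$d" other-ca
    chains_to "$d/client-ca.pem" "$d/server.pem" && other=match || other=mismatch
    rm -rf "$d"
    echo "$same $other"
}

demo   # prints: match mismatch
```

On a real deployment the same chains_to check is run with the supplicant's ca.pem and the server certificate file that the running server actually loads.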