Windows 10 EAP-TTLS with client certificate

Ján Máté jan.mate at
Wed Jan 22 02:02:48 CET 2020

Hi list,

I successfully installed and configured our FreeRADIUS server with the following results:

	EAP-TLS	=> works on Windows 10, iOS 13, macOS 10.15 (Catalina)
	EAP-TTLS + PAP (LDAP auth) => works on Windows 10, iOS 13, macOS 10.15
	EAP-TTLS + PAP (LDAP auth) + client cert => NOT works on Windows 10, but works on iOS 13, macOS 10.15

The last option with Windows 10 produces the following error logs:

	(185) eap_ttls: ERROR: TLS Alert write:fatal:handshake failure
	tls: TLS_accept: Error in error
	(185) eap_ttls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate
	(185) eap_ttls: ERROR: System call (I/O) error (-1)
	(185) eap_ttls: ERROR: TLS receive handshake failed during operation
	(185) eap_ttls: ERROR: [eaptls process] = fail
	(185) eap: ERROR: Failed continuing EAP TTLS (21) session.  EAP sub-module failed

Windows 10 logs:
	Wireless 802.1x authentication failed.
	Error: 0x80420015
	EAP Reason: 0x80420015
	EAP Root cause String:
	EAP Error: 0x80420015

I tried nearly all combinations in the Windows 10 configuration interface, but it never sends the client_cert with EAP-TTLS (the same settings with EAP-TLS work). When trying to connect to Wi-FI the Windows 10 interface looks like:

	Choose a certificate: <correctly pre-selected certificate>
	User name: <my username entered manually>

but after clicking to connect the server never receives the selected certificate ...

Is the optional "client cert" in EAP-TTLS supported on Windows 10? Any ideas to get it working?



More information about the Freeradius-Users mailing list