Proxy to realm after eap-ttls authantication

Mesut Ozturk mesut at nevotek.com
Tue Nov 24 08:36:24 CET 2020


Hi Alan,

Thanks for reply.

>The Android device wasn't configured with the CA used by FreeRADIUS.  So... add the CA to the android system, and configure it to use that CA when authenticating to FreeRADIUS.

I created freeradius CA certificate according to https://wiki.freeradius.org/config/Certificates link. Then eap config for using new created ca.pem
Also i downloaded ca.pem file to my Android device but still getting same error.

eap_ttls: ERROR: TLS Alert read:fatal:unknown CA

I dont understand what you mean with "use that CA when authenticating to FreeRADIUS". What i read in EAP-TTLS, auth server sends the certificate and client validates for open a secure tunnel. Why client have to sent the certificate ?

Regards.
[http://www.nevotek.com/nevotekmail/logo.png]   Mesut Ozturk
R&D Senior Developer
P: +902122867576        E:  mesut at nevotek.com
F: +902122867476        W: www.nevotek.com
[http://www.nevotek.com/nevotekmail/maps-icon.png] Santa Clara-CA, USA<https://www.google.com/maps/place/5201+Great+America+Pkwy+%23320,+Santa+Clara,+CA+95054,+USA/@37.4063062,-121.978682,923m/data=!3m2!1e3!4b1!4m5!3m4!1s0x808fc9cc6fc08be1:0xa189e7ab47ebcdc!8m2!3d37.4063062!4d-121.9764933?hl=en>   [http://www.nevotek.com/nevotekmail/maps-icon.png]  Istanbul, TURKEY<https://www.google.com/maps/search/teknokent,+Istanbul,+Turkey/@41.106333,29.015257,876m/data=!3m1!1e3?hl=en>   [http://www.nevotek.com/nevotekmail/maps-icon.png]  Dubai, UAE<https://www.google.com/maps/place/Internet+City,+Building+%2314+-+Dubai+-+United+Arab+Emirates/@25.0984488,55.1609574,1052m/data=!3m2!1e3!4b1!4m13!1m7!3m6!1s0x3e5f6b696d88a9ab:0x6d495147845cd0f1!2sInternet+City,+Building+%2314+-+Dubai+-+United+Arab+Emirates!3b1!8m2!3d25.0983618!4d55.1631953!3m4!1s0x3e5f6b696d88a9ab:0x6d495147845cd0f1!8m2!3d25.0983618!4d55.1631953?hl=en>

[www.nevotek.com]<www.nevotek.com>


More information about the Freeradius-Users mailing list