unknown CA when trying to authenticate

Alan DeKok aland at deployingradius.com
Mon Feb 22 13:06:40 CET 2021

On Feb 21, 2021, at 10:57 PM, Tyler Montney <montneytyler at gmail.com> wrote:
> Version 3.0.16, running on Ubuntu 18.04.
> While running freeradius -X and trying to connect a user (Ubiquiti
> controller), I see "eap_peap: ERROR: TLS Alert read:fatal:unknown CA".

  What is the user system running?  How does it authenticate?

> /etc/freeradius/3.0/mods-enabled/eap  has its tls-config tls-common section
> like
> private_key_file = /etc/freeradius/3.0/certs/letsencrypt/privkey.pem
> certificate_file = /etc/freeradius/3.0/certs/letsencrypt/cert.pem
> ca_file = /etc/ssl/certs/ca-certificates.crt

  That's good.

> My CA was copied to /usr/local/share/ca-certificates/ and ran
> dpkg-reconfigure ca-certificates. I then checked ca-certificates.crt and
> confirmed my CA was appended to the bottom.

  That's not.  You haven't described what you're using to authenticate.  Where does it get the certificates from?

  The certificate store you edited is used for web authentication, not WiFi.

  You need to read the documentation for your system to see how to get WiFi authentication working.  This isn't a FreeRADIUS issue.

  Alan DeKok.

More information about the Freeradius-Users mailing list