unknown CA when trying to authenticate
Alan DeKok
aland at deployingradius.com
Mon Feb 22 13:06:40 CET 2021
On Feb 21, 2021, at 10:57 PM, Tyler Montney <montneytyler at gmail.com> wrote:
>
> Version 3.0.16, running on Ubuntu 18.04.
>
> While running freeradius -X and trying to connect a user (Ubiquiti
> controller), I see "eap_peap: ERROR: TLS Alert read:fatal:unknown CA".
What is the user system running? How does it authenticate?
> /etc/freeradius/3.0/mods-enabled/eap has its tls-config tls-common section
> like
>
> private_key_file = /etc/freeradius/3.0/certs/letsencrypt/privkey.pem
> certificate_file = /etc/freeradius/3.0/certs/letsencrypt/cert.pem
> ca_file = /etc/ssl/certs/ca-certificates.crt
That's good.
> My CA was copied to /usr/local/share/ca-certificates/ and ran
> dpkg-reconfigure ca-certificates. I then checked ca-certificates.crt and
> confirmed my CA was appended to the bottom.
That's not. You haven't described what you're using to authenticate. Where does it get the certificates from?
The certificate store you edited is used for web authentication, not WiFi.
You need to read the documentation for your system to see how to get WiFi authentication working. This isn't a FreeRADIUS issue.
Alan DeKok.
More information about the Freeradius-Users
mailing list