Error, Unknown CA, Creating attributes from [non existent] server certificate

Emile Swarts emile.swarts123 at gmail.com
Thu Aug 25 09:53:43 UTC 2022


Hi,

We're using FreeRadius (3.2.0) and successfully authenticating clients over
EAP-TTLS / Radsec.
We had one failed authentication yesterday that I am struggling to make
sense of.
Verbose logging is enabled so I can see all the details.

I can see the usual "Creating attributes from server certificate" in the
authenticate section,
which then goes on to mention a server certificate (TLS-Cert-Common-Name) that
I've never heard of, and definitely isn't installed on our FreeRadius
server.

The server then sends the following back to the client:
"send TLS 1.2 Alert, fatal unknown_ca"

I've looked at the C source code but I'm unable to see where this could
have gotten mixed up. Any advice is appreciated.
This has only happened once out of thousands of successful authentications.

