Certificate chain untrusted

Maciej Kowalka maciejkowalkati at gmail.com
Tue Aug 1 04:46:56 UTC 2023


pon., 31 lip 2023, 16:34 użytkownik Alan DeKok
<aland at deployingradius.com> napisał:
>
> On Jul 31, 2023, at 2:30 AM, Maciej Kowalka <maciejkowalkati at gmail.com> wrote:
> >
> > Hi, I've got configures freeradius 3.2 with eap tls, and working
> > certificates, users can be authorized to network but I get warnings every
> > time :
>
>   If it works...

don't touch it....


> > Certificate chain - 1 cert(s) untrusted
> >
> > (TLS) untrusted certificate with depth [1] subject name
> > /C=PL/ST=MyState/O=MyOrg/CN=Intermediate CA
> >
> > (TLS) untrusted certificate with depth [0] subject name
> > /C=PL/ST=MyState/O=MyOrg/CN=client
> >
> > Is there solution to this or so I have to ignore it, and live with it?
>
>   Configure the server so that it knows about the certificates.  That way they will be trusted.
>
>   See mods-available/eap.  Look for "reject_unknown_intermediate_ca"
>
>   Alan DeKok.

I tried but probably didn't do it right, can you point to how exactly to do it?
The things I tried:
- adding intermediate-ca.pem to certificate folder
- concatenate Intermediate-ca.pem and ca.pem together
- adding Intermediate-ca.pem to server.pem certificate
- changing the config ca_file to point to the Intermediate-ca.pem
None of these things worked, so I would appreciate writing what I need
to configure.
Preferably with an example :)

Maciej


More information about the Freeradius-Users mailing list