Certificate chain untrusted
Alan DeKok
aland at deployingradius.com
Wed Aug 2 15:47:40 UTC 2023
On Aug 2, 2023, at 9:07 AM, Maciej Kowalka <maciejkowalkati at gmail.com> wrote:
> In the config:
>
> Ca_file points to ca.pem
> Ca_path points to folder containing both ca.pem and intermediate.pem
That should be fine.
> Auto_chain is set to “yes”
That might be OK. It's OpenSSL... it's hard to say.
> Done c_rehash for the folder with certs, freeradius restarted, but in
> debug I still see the same warnings:
>
> Warning: Certificate chain - 1 cert(s) untrusted
> Warning: (TLS) untrusted certificate with depth [1] subject name
> /C=PL/ST=MyState/O=MyOrg/CN=Intermediate CA
> Warning: (TLS) untrusted certificate with depth [0] subject name
> /C=PL/ST=MyState/O=MyOrg/CN=client
Either that's a different certificate than what is in the ca_path directory, or there's some OpenSSL magic going on.
i.e. FreeRADIUS uses OpenSSL for certificate handling. If OpenSSL is complaining about certificates, there's really not a lot we can do.
Alan DeKok.
More information about the Freeradius-Users
mailing list