Certificate chain untrusted

Maciej Kowalka maciejkowalkati at gmail.com
Thu Aug 3 14:12:12 UTC 2023


śr., 2 sie 2023, 17:48 użytkownik Alan DeKok <aland at deployingradius.com>
napisał:

> On Aug 2, 2023, at 9:07 AM, Maciej Kowalka <maciejkowalkati at gmail.com>
> wrote:
> > In the config:
> >
> > Ca_file points to ca.pem
> > Ca_path points to folder containing both ca.pem and intermediate.pem
>
>   That should be fine.
>
> > Auto_chain is set to “yes”
>
>   That might be OK.  It's OpenSSL... it's hard to say.
>
> > Done c_rehash for the folder with certs, freeradius restarted, but in
> > debug I still see the same warnings:
> >
> > Warning: Certificate chain - 1 cert(s) untrusted
> > Warning: (TLS) untrusted certificate with depth [1] subject name
> > /C=PL/ST=MyState/O=MyOrg/CN=Intermediate CA
> > Warning: (TLS) untrusted certificate with depth [0] subject name
> > /C=PL/ST=MyState/O=MyOrg/CN=client
>
>   Either that's a different certificate than what is in the ca_path
> directory, or there's some OpenSSL magic going on.
>
>   i.e. FreeRADIUS uses OpenSSL for certificate handling.  If OpenSSL is
> complaining about certificates, there's really not a lot we can do.
>
>   Alan DeKok.
>

Would you be able to awnser me if the warning I'm now getting is correct :
I now have only client certificate in windows and now I get only
Warning: Certificate chain - 1 cert(s) untrusted
Warning: (TLS) untrusted certificate with depth [0] subject name
/C=PL/ST=MyState/O=MyOrg/CN=client
So now the client pc sends only it's own certificate, but is authenticated
by radius

Maciej

>


More information about the Freeradius-Users mailing list