EAP-TLS unable to get local issuer certificate

Alan DeKok aland at deployingradius.com
Wed Jun 7 07:10:07 UTC 2023


On Jun 6, 2023, at 1:54 PM, MH <h33927318 at gmail.com> wrote:
> I am trying to setup EAP-TLS and I am getting radius server error "eap_tls:
>  (TLS) OpenSSL says error 20 : unable to get local issuer certificate",
> "send TLS 1.2 Alert, fatal unknown_ca"

  You haven't configured the supplicant properly.  It doesn't know anything about the CA which signed the server cert.

  Add the CA to the client, and the message will go away.

  i.e. You cannot read just *part* of the error message and think that is the *whole* problem.  The rest of the error message say "fatal unknown CA".  That is the root cause of the problem.

  Alan DeKok.



More information about the Freeradius-Users mailing list