Certificate chain - 1 intermediate CA cert(s) untrusted
Alexey D. Filimonov
alexey at filimonic.net
Sat Nov 9 12:43:59 UTC 2024
No solution yet.
Same problem #1:
https://lists.freeradius.org/pipermail/freeradius-users/2024-November/104940.html
Same problem #2:
https://lists.freeradius.org/pipermail/freeradius-users/2023-August/103398.html
Same problem #3: https://github.com/FreeRADIUS/freeradius-server/issues/5273
OpenSSL says It's FreeRADIUS problem (
https://groups.google.com/a/openssl.org/g/openssl-users/c/qfLesr8bw_w )
FreeRADIUS says It's OpenSSL problem
On 2024-11-09 00:08, Rodrigo Prieto wrote:
> Hello, I have the following problem. I configured freeradius to use EAP-TLS
> and it works. Create the certificates with the script inside the
> certificates folder.
> The problem is that when a client connects the following error appears:
>
> Certificate chain - 1 intermediate CA cert(s) untrusted
> To forbid these certificates see 'reject_unknown_intermediate_ca'
> (TLS) untrusted certificate with depth [1] subject name /C=AR/ST=Buenos
> Aires/L=Virreyes/O=Lotech/emailAddress=22 at gmail.com/CN=CA-FREERADIUS
> (TLS) untrusted certificate with depth [0] subject name /C=AR/ST=Buenos
> Aires/O=Lotech/CN=11 at gmail.com/emailAddress=11 at gmail.com
>
> I don't use intermediate AC. I ran c_rehash inside the certs folder.
>
> The certificates correctly point to the CA file.
> rivate_key_password = loli
> private_key_file = ${certdir}/server.key
> certificate_file = ${certdir}/server.pem
> ca_file = /etc/freeradius/certs/ca.pem
> ca_path = ${cadir}
>
> I run openssl verify with the client and server certificates and it says OK.
>
> Freeradius is installed on Ununtu 24.04. The version of openssl is:
> OpenSSL 3.0.13 Jan 30, 2024 (Library: OpenSSL 3.0.13 Jan 30, 2024)
>
> If anyone can help me, I appreciate it.
> Greetings and thanks.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list