Certificate chain - 1 intermediate CA cert(s) untrusted
Rodrigo Prieto
rodrigoprieto2019 at gmail.com
Sat Nov 9 12:53:02 UTC 2024
Thanks for responding. I will be attentive to see if they find a solution.
Can I ask another question in this thread or do I create a new one? Thanks
again.
El sáb., 9 de noviembre de 2024 09:44, Alexey D. Filimonov <
alexey at filimonic.net> escribió:
> No solution yet.
>
> Same problem #1:
>
> https://lists.freeradius.org/pipermail/freeradius-users/2024-November/104940.html
> Same problem #2:
>
> https://lists.freeradius.org/pipermail/freeradius-users/2023-August/103398.html
> Same problem #3:
> https://github.com/FreeRADIUS/freeradius-server/issues/5273
>
> OpenSSL says It's FreeRADIUS problem (
> https://groups.google.com/a/openssl.org/g/openssl-users/c/qfLesr8bw_w )
> FreeRADIUS says It's OpenSSL problem
>
> On 2024-11-09 00:08, Rodrigo Prieto wrote:
> > Hello, I have the following problem. I configured freeradius to use
> EAP-TLS
> > and it works. Create the certificates with the script inside the
> > certificates folder.
> > The problem is that when a client connects the following error appears:
> >
> > Certificate chain - 1 intermediate CA cert(s) untrusted
> > To forbid these certificates see 'reject_unknown_intermediate_ca'
> > (TLS) untrusted certificate with depth [1] subject name /C=AR/ST=Buenos
> > Aires/L=Virreyes/O=Lotech/emailAddress=22 at gmail.com/CN=CA-FREERADIUS
> > (TLS) untrusted certificate with depth [0] subject name /C=AR/ST=Buenos
> > Aires/O=Lotech/CN=11 at gmail.com/emailAddress=11 at gmail.com
> >
> > I don't use intermediate AC. I ran c_rehash inside the certs folder.
> >
> > The certificates correctly point to the CA file.
> > rivate_key_password = loli
> > private_key_file = ${certdir}/server.key
> > certificate_file = ${certdir}/server.pem
> > ca_file = /etc/freeradius/certs/ca.pem
> > ca_path = ${cadir}
> >
> > I run openssl verify with the client and server certificates and it says
> OK.
> >
> > Freeradius is installed on Ununtu 24.04. The version of openssl is:
> > OpenSSL 3.0.13 Jan 30, 2024 (Library: OpenSSL 3.0.13 Jan 30, 2024)
> >
> > If anyone can help me, I appreciate it.
> > Greetings and thanks.
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list