Certificate chain - 1 intermediate CA cert(s) untrusted

Alexey D. Filimonov alexey at filimonic.net
Sat Nov 9 13:34:37 UTC 2024 

If it is not related to this thread, then you should create a new thread.

On 2024-11-09 15:53, Rodrigo Prieto wrote:
> Thanks for responding. I will be attentive to see if they find a solution.
> Can I ask another question in this thread or do I create a new one? Thanks
> again.
>
> El sáb., 9 de noviembre de 2024 09:44, Alexey D. Filimonov <
> alexey at filimonic.net> escribió:
>
>> No solution yet.
>>
>> Same problem #1:
>>
>> https://lists.freeradius.org/pipermail/freeradius-users/2024-November/104940.html
>> Same problem #2:
>>
>> https://lists.freeradius.org/pipermail/freeradius-users/2023-August/103398.html
>> Same problem #3:
>> https://github.com/FreeRADIUS/freeradius-server/issues/5273
>>
>> OpenSSL says It's FreeRADIUS problem (
>> https://groups.google.com/a/openssl.org/g/openssl-users/c/qfLesr8bw_w )
>> FreeRADIUS says It's OpenSSL problem
>>
>> On 2024-11-09 00:08, Rodrigo Prieto wrote:
>>> Hello, I have the following problem. I configured freeradius to use
>> EAP-TLS
>>> and it works. Create the certificates with the script inside the
>>> certificates folder.
>>> The problem is that when a client connects the following error appears:
>>>
>>> Certificate chain - 1 intermediate CA cert(s) untrusted
>>> To forbid these certificates see 'reject_unknown_intermediate_ca'
>>> (TLS) untrusted certificate with depth [1] subject name /C=AR/ST=Buenos
>>> Aires/L=Virreyes/O=Lotech/emailAddress=22 at gmail.com/CN=CA-FREERADIUS
>>> (TLS) untrusted certificate with depth [0] subject name /C=AR/ST=Buenos
>>> Aires/O=Lotech/CN=11 at gmail.com/emailAddress=11 at gmail.com
>>>
>>> I don't use intermediate AC. I ran c_rehash inside the certs folder.
>>>
>>> The certificates correctly point to the CA file.
>>>    rivate_key_password = loli
>>> private_key_file = ${certdir}/server.key
>>> certificate_file = ${certdir}/server.pem
>>> ca_file = /etc/freeradius/certs/ca.pem
>>> ca_path = ${cadir}
>>>
>>> I run openssl verify with the client and server certificates and it says
>> OK.
>>> Freeradius is installed on Ununtu 24.04. The version of openssl is:
>>> OpenSSL 3.0.13 Jan 30, 2024 (Library: OpenSSL 3.0.13 Jan 30, 2024)
>>>
>>> If anyone can help me, I appreciate it.
>>> Greetings and thanks.
>>> -
>>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list