EAP-TLS authentication issue
Sam Hutchings
samhutchings1415 at gmail.com
Tue Dec 16 20:23:20 UTC 2025
> From the debug output it seems that client PC says that the server certificate is issued by an unknown CA but it is installed the same way that the example one. Also, I verified that the server certificate from my custom PKI is correct and has been issued by the custom CA whose certificate is installed in my PC's certificate store. I made sure also I added the correct usage extension for WiFi.
Did you add your ca.pem file from our own PKI to FreeRADIUS and
reference this within mods-available\eap?
If the server key and certificate are in the same file, you would have
set this as follows:
private_key_password = something
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
Then you would set your reference to your ca.pem file:
ca_file = ${cadir}/ca.pem
The directories referenced above are defined in radiusd.conf:
certdir = ${confdir}/certs
cadir = ${confdir}/certs
Sam
More information about the Freeradius-Users
mailing list