Failed test with test certificates
Alan DeKok
aland at deployingradius.com
Wed Jul 9 11:06:42 UTC 2025
On Jul 9, 2025, at 3:20 AM, Kat via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Any chance of knowing what these error messages mean?
What part of the error messages are unclear?
> Have I used the wrong certificates in the wrong place?
Do the error messages say that?
> (39) eap_tls: Executing: /usr/bin/openssl verify -CApath /etc/freeradius/certs %{TLS-Client-Cert-Filename}:
> (39) eap_tls: EXPAND %{TLS-Client-Cert-Filename}
> (39) eap_tls: --> /tmp/radiusd/radiusd.client.XXUK9jFp
> C = FR, ST = Radius, O = Example Inc., CN = user at example.org, emailAddress = user at example.org
> error 20 at 0 depth lookup: unable to get local issuer certificate
This error is produced by the /usr/bin/openssl program. You can run this same command manually, from the command line.
What's going wrong is that you don't have the right certificates in place. A google of "openssl unable to get local issuer certificate" will tell you what needs to be fixed.
Since you're running the openssl program, this isn't a FreeRADIUS issue. It's an in issue with OpenSSL, and the certificates that you've put on disk.
Alan DeKok.
More information about the Freeradius-Users
mailing list