Certificate validation in rest module fails
Alan DeKok
alan.dekok at inkbridge.io
Thu Sep 4 18:54:54 UTC 2025
On Sep 4, 2025, at 2:42 PM, Murali Krishnamoorthy <hibkmurali at gmail.com> wrote:
> > *(0) rest_auth_failure_log: ERROR: Request failed: 60 - SSL peer
> > certificate or SSH remote key was not OK*
>
> Hmm... unfortunately, that error is coming from curl. The REST module just uses the curl APIs to do the bulk of the work.
i.e. error 60 is the Curl error for when it cannot verify the certificate of the REST server.
> Is there any external command I could use to verify what freeradius rest module is doing to get better debug?
I don't think there's any additional debugging you could see on the FreeRADIUS side. It just gets passes the data to Curl, and Curl returns "error 60". In order to enable more Curl debugging, you would have to edit rlm_rest, to add more Curl API calls.
Another possibility is that FreeRADIUS and the local "curl" command are using different versions of OpenSSL.
But in the end, FreeRADIUS passes data to Curl, and Curl returns error 60. The only solution here is to pass the right data into Curl.
We've used rlm_rest in many places, and have never run into this issue. So it looks like a local configuration problem.
Alan DeKok.
More information about the Freeradius-Users
mailing list