Have you opened the certificates you believe to be the latest in something else (like Windows perhaps) and checked that the expiry dates of these certificates is correct?
And have you checked that your server's time is correct too? Stefan From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org<mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org> [mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of Muhammad Nadeem Sent: 19 July 2013 11:24 To: FreeRadius users mailing list Subject: Re: certificate expiration proble thanx for you reply, but as i said certificates are ok. Please see this log [tls] --> User-Name = 0026826172C4@test_cpe.com<mailto:0026826172C4@test_cpe.com> [tls] --> BUF-Name = wi-tribe Pakistan Certification Authority [tls] --> subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwi...@pk.wi-tribe.com<mailto:pkwi...@pk.wi-tribe.com> [tls] --> issuer = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan limited/OU=Network Operations/CN=wi-tribe Pakistan Certification Authority/emailAddress=pkwi...@pk.wi-tribe.com<mailto:pkwi...@pk.wi-tribe.com> [tls] --> verify return:1 --> verify error:num=10:certificate has expired [tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired TLS Alert write:fatal:certificate expired TLS_accept: error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned thanks On Fri, Jul 19, 2013 at 2:58 PM, <a.l.m.bu...@lboro.ac.uk<mailto:a.l.m.bu...@lboro.ac.uk>> wrote: Hi, > I am trying to configure eap with some customized certificates, I have > configured eap.config correctly. > But I am getting the error of "certificate expired". Although i have the > latest certificates. certificate has expired. FreeRADIUS has no reason to lie. check the startup output of 'radiusd -X' - look for when it loads the certs. then use openssl to read those certs to see what the values are - server cert, CA cert....or client cert. whatever you're using eg openssl x509 -in server.pem -noout -text alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html