Oh, and when using TLS, install client certificate on client. 2008/6/15 Jelle Langbroek <[EMAIL PROTECTED]>:
> So, you should probably create a new certificate with a certified CA or a > correct own CA. Install openssl and follow a howto on creating new > certificates. Make sure you match Common Name to server.domainname > Furthermore change certificate options (like password) in eap.conf. > > gr, jelle > > > >> >> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0377], Certificate --> verify >> error:num=20:unable to get local issuer certificate >> chain-depth=0, >> error=20 >> --> User-Name = mike >> --> BUF-Name = mike >> --> subject = /C=NL/ST=Netherlands/O=C2C/CN=mike/[EMAIL PROTECTED] >> --> issuer = >> /C=NL/ST=Netherlands/O=C2C/CN=BDHZ_server/[EMAIL PROTECTED] >> --> verify return:0 >> rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert >> write:fatal:unknown CA >> TLS_accept:error in SSLv3 read client certificate B >> 6996:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no >> certificate returned:s3_srvr.c:2004: >> rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. >> >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
