B.pem is a server certificate. A.pem is a CA certificate. Lik to that one. Ivan Kalik Kalik Informatika ISP
Dana 1/7/2008, "Sergio Yébenes Moreno" <[EMAIL PROTECTED]> piše: >Hi > >I'm using freeradius-server-2.0.4 with eap-tls. I have a client cert >signed by an intermediate authority B.pem . If I put CA_file = "B.pem" >in eap.conf, I have this log: >...... > rlm_eap_tls: Done initial handshake > rlm_eap_tls: <<< TLS 1.0 Handshake [length 05f2], Certificate >--> verify error:num=2:unable to get issuer certificate > rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca >TLS Alert write:fatal:unknown CA > TLS_accept:error in SSLv3 read client certificate B >rlm_eap: SSL error error:140890B2:SSL >routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned >rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. > eaptls_process returned 13 > rlm_eap: Freeing handler >++[eap] returns reject >...... > >Looks normal because B.pem is signed by self-signed A.pem >I don't know how to put this in eap.conf, TLS section, and also looks >like client never sends his certificate.... >can anybody help me? I need to use the two certificates because I'm not >the signer. > >Thanks a lot > >P.D. EspaĂąa 1 Alemania 0 rules >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
