You have three possible issues. 1). You need to chain all of the certs into one file.
2). MS requires that the cert have a "special purpose". This is documented and needs to be included in the CSR. BS, but that's MS for you. 3). MS might not like wild cards. Not sure about this but it may be an issue. Easy enough to test. If 1 and 2 don't work, try with a non-wildcard cert +1 and 2. Post your results so we can all learn from it. Carl Peterson On Sep 14, 2012, at 10:44 AM, Tyller D <[email protected]> wrote: On Fri, Sep 14, 2012 at 4:07 PM, Alan DeKok <[email protected]>wrote: > Tyller D wrote: > > I have everything configured and working when I disabled "validate > > server Certificate" on windows. > > I have a wildcard certificate purchased from godaddy.com. > > I'm not sure that will work. > Is there a reason for that? Godaddy is in the list of servers to validate against? > > I had a problem when using it with apache as I had to add the > > intermediate chain in the config but can't find a place to do that in > > FreeRaius. > > You should have the CA cert, and all of the certs leading to the > server certificate. > Correct, I do. But which one do add as "certificate_file" in eap.conf? > > > When Auth fails because of validation then I get this in Freeradius debug > > So... did you read eap.conf, and configure the certificates as > documented there? > > Are you referring to this? - Windows requires the root certificates to be on the client PC. If it doesn't have them, you will see the same issue as above. I'm just guessing but it seems like that would be the cause. > > Is there something that I can do to get this to work? > > Read the documentation? > My question is, all the certificates leading to the server certifcate - where do I add them? > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
