I am attempting to use xsupplicant to connect my fedora 4 laptop to a Open
/ static wep / eap-tls enabled cisco wireless network with Cisco ACS
radius server and a Microsoft CA, everything works fine if I just use wep
and avoid EAP-TLS.
My xsupplicant configuration files seems to be correct, however my
authentication requests fail during an openssl handshake to my radius
server with the following error:
[AUTH TYPE] --- SSL_verify : depth 1
[AUTH TYPE] --- SSL_verify error : num=19:self signed certificate in
certificate chain:depth=1:/DC=org/DC=vmmc/DC=vmad/CN=vmad1
[AUTH TYPE] --- SSL : SSLv3 read server certificate B
[AUTH TYPE] --- ALERT : unknown CA
[AUTH TYPE] --- SSL : SSLv3 read server certificate B
OpenSSL Error -- error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failure!
This seems to be a common error for many programs that use openssl. I
attempted to solve this by adding our Microsoft cert to /etc/pki/tls/certs
as a hash. This change did allow openssl verify to confirm the
certificate without error but did have any affect on
xsupplicant.
I would think the above change would behave similarly to adding our
Microsoft CA to our Windows XP clients "Trusted root certificate
authorities" list on Windows, but it does not appear so.
Any suggestions would be most welcome.
Cheers,
Shane
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
