Hello Fabrice
Thank you for your reply.
I have copied the Alcatel CA Cert to my existing CA Certificate:
-----BEGIN CERTIFICATE-----
MS CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Alcatel CA
-----END CERTIFICATE-----
The I restarted radiusd service.
When the phone will try to authenticate (EAP-TLS), this message ist
inradius.log:
May 31 17:28:03 nac2 auth[4563]: (24) eap_tls: ERROR: SSL says error 20 :
unable to getlocal issuer certificate
May 31 17:28:03 nac2 auth[4563]: (24) eap_tls: ERROR: TLS
Alertwrite:fatal:unknown CA
May 31 17:28:03 nac2 auth[4563]: tls: TLS_accept: Error in error
May 31 17:28:03 nac2 auth[4563]: (24) Login incorrect (eap_tls: SSL sayserror
20 : unable to get local issuer certificate): [ALCIPT] (from client192.168.1.46
port 20 cli 00:80:9f:dd:33:b0)
What ist missing?
Thank you
Chris
Von: Fabrice Durand <[email protected]>
An: [email protected]
Gesendet: 19:09 Dienstag, 23.Mai 2017
Betreff: Re: [PacketFence-users] EAP-TLS with IP-PHones
Hello Chtis, in fact you have to concatenate the root certificate in your CA
file. (ca_file in eap.conf). Regards Fabrice
Le 2017-05-23 à 11:16, Christian Gfeller a écrit :
Hello packetfence users I have a installation of Packetfence 7.0. MSPKI is
integrated
(https://packetfence.org/doc/PacketFence_MSPKI_Quick_Install_Guide.html) and
EAP-TLS with Windows clients (802.1x) works fine. We have Alcatel Lucent wired
IP Phones which supports 802.1x (MD5 and TLS) too. There is a certificate from
Alcatel preinstalled on the phone. (Issued by “Alactel Enterprise Solutions”).
I have downloaded the “Alcatel Enterprise Solutions” root certificate. Which
is the right way to authenticate the IP-phones with the built in certificate?
How can i install the root certificate with already installed MSPKI? Thank
you Chris
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
