Hello Yukou,

> Client(StrongSwan5.3.5) --- authenticator --- TTLS Server/Radius
> Server(Freeradius2.1.12)

>> Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to
>> 'C=AAA, O=OOO, CN=TEST'

What does your config look like? Obviously, the RADIUS server only authenticates itself, not the authenticator.

>I installed certification of the server:
>ipsec.d/certs/

Where is that exactly? Are you aware that the location of ipsec.d changes, depending on the compile time sysconfdir and prefix settings?

> When I checked by "ipsec listall", no item about "List of X.509 End Entity
> Certificates" is listed up.

Make sure you understand where charon thinks ipsec.d is actually.

On 25.02.2016 08:51, yukou katori wrote:
> Hi,
>
> I'm setting up EAP-TTLS-Radius client on StrongSwan5.3.5.
>
> Client(StrongSwan5.3.5) --- authenticator --- TTLS Server/Radius
> Server(Freeradius2.1.12)
>
> I got the following error when the Client tries to connect.
>
> Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to
> 'C=AAA, O=OOO, CN=TEST'
>
> I installed certification of the server:
> ipsec.d/certs/
>
> /usr/local/etc/ipsec.d# ls certs/
> server.pem
>
> When I checked by "ipsec listall", no item about "List of X.509 End Entity
> Certificates" is listed up.
>
> Is it wrong about the way to store certificate?
> Or another reason? (e.g. plugin is not enough)
>
> Regards,
>
> Log:
> Feb 25 14:41:13 tester charon: 05[TLS] negotiated TLS 1.0 using suite
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> Feb 25 14:41:13 tester charon: 05[TLS] processing TLS Handshake record (708
> bytes)
> Feb 25 14:41:13 tester charon: 05[TLS] received TLS Certificate handshake
> (704 bytes)
> Feb 25 14:41:13 tester charon: 05[LIB] signature verification:
> Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to
> 'C=ES, O=ACCV, CN=ACCVRAIZ1'
> Feb 25 14:41:13 tester charon: 05[TLS] buffering 254 bytes, 254 bytes of 530
> byte TLS record received
> Feb 25 14:41:13 tester charon: 05[TLS] sending fatal TLS alert 'access denied'

-- 
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
