[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: SSL certificate problems
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2007-10-30 6:40:24
Message-ID: 4726D1D8.5020702 () deployingradius ! com
[Download RAW message or body]

Walter Gould wrote:
> Sorry to bother you guys again -  I created new SSL certificates per
> your above instructions...  After the certs were created, I then:
> 
> 1. copied them to the /etc/raddb/certs directory
> 2. updated /etc/raddb/eap.conf with the certificate names & private key
> password
> 3. copied and installed the new certificate (server.pem) onto my XP
> laptop and
> 4. started radiusd in debug mode, below is the output
> 
> It is acting as you describe in the FAQ -

  You didn't add the root certificate to the XP machine.  See the
EAP-TLS "howto's" on the web site.

> So, I am wondering will I need to install the hotfix as listed in the
> FAQ - and, will this have to be done on ALL Windows machines?  I am
> thinking that I still do not have something configured right on my
> side.   If I uncheck the "validate server certs" box on the XP client, I
> can connect and authenticate successfully.

  Yup.  "Ignore that we have no idea where this certificate came from,
and do PEAP anyways".

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]