the certification path is not valid probably because the root certificate which you installed under windows expired.
ciao artur
Antti Mattila wrote:
I tried certificates from Adam Sulmicki's cert.tgz packet. I set the server date to 28.2 and on the laptop to 28.2. (the certificate is valid from and expires on that day). And the EAP/TLS authentication worked!
I finally got: Sending Access-Accept of id 50 to 194.142.202.102:6001 MS-MPPE-Recv-Key = 0x60b16b18235e7a9fde64aabf7ddb3248540cb7dcaff967454af4c39270ae1607 MS-MPPE-Send-Key = 0x7236809f4cc3667478644304136783a2604a5a3607d9215f279aa97edcfeac2c EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000
But the certificate problem still remains. The certificate generated with the script which came from Freeradius package says on the w2k machine(on the certificate path):"The certificate has a non-valid digital signature" I think this is the problem. The Adam's certificate seems fine on the computer.
We will try different OpenSSL versions (we used the versions required in Ken Roser's guide, the SNAP was of course newer) but if this doesn't work we'll try to generate the certificates with Novell Certificate server that we are using. If it doesn't produce certificate files needed for Freeradius we need to buy somebody to make the certificates with OpenSSL for us. Fortunately the certificates must be generated only once. So if we get a working certificate set we don't have to buy a consultant to do the stuff ever again.
Best regards: Antti Mattila
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
