Quoting Michael Griego <[EMAIL PROTECTED]>:

> I'm guessing you're using the Windows XP supplicant?  This looks like a 
> classic case of your CA certificate not being present on the client machine.
> 
> --Mike
> 
> -----------------------------------
> Michael Griego
> Wireless LAN Project Manager
> The University of Texas at Dallas

Hi.

Yes, I use the WinXP (SP2) supplicant and the access point is an Intel 2011B.
I created new certificates. Then I copied the root.der and client-crt.p12 files
to the supplicant. Windows shows that the certificates are OK and used for
remote client identity. (I am trying the TLS method too.) Now, in the
authentication process, I found the following error line.


rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 03a8], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0044], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13


The next lines show how I created the certificates.


****Server certificate*******

openssl genrsa -des3 -out server-key.pem 2048 
 
openssl req -new -key server-key.pem -out server-csr.pem
 
openssl req -in server-csr.pem -out server-crt.pem -key server-key.pem -x509 -days 3652

openssl ca -in server-csr.pem -out server-crt.pem -days 3652 -policy policy_anything

 
****root certificate******
 
cp server-crt.pem root.pem 
 
openssl x509 -in root -inform PEM -out root.der -outform DER


****client certificate******
 
openssl genrsa -des3 -out client-key.pem 2048
 
openssl req -new -key client-key.pem -out client-csr.pem
 
openssl ca -in client-csr.pem -out client-crt.pem -days 125 -extensions xpclient_ext -extfile xpextensions -policy policy_anything
 
openssl pkcs12 -export -in client-crt.pem -inkey client-key.pem -name "Radius Suse" -certfile client-crt.pem -out client.p12
 
openssl x509 -inform PEM -outform DER -in client-clt.pem -out client-clt.der
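
Checks that can be run on a certificate set like the one built above before it is installed on the supplicant, as an added example that is not part of the original message: chain to the CA, Extended Key Usage, and key/certificate match. The function names, the demo file names and the xpextensions content are assumptions; the message does not show its own xpextensions file.

```shell
#!/bin/sh
# Added example (not from the original post): checks for an EAP-TLS certificate set.

# check_chain CA_PEM CERT_PEM: succeeds if CERT_PEM verifies against CA_PEM.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_eku CERT_PEM USAGE: succeeds if the certificate lists USAGE under
# Extended Key Usage, e.g. "TLS Web Client Authentication".
check_eku() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Extended Key Usage' | grep -q "$2"
}

# check_key_match CERT_PEM KEY_PEM: succeeds if the private key belongs to the cert.
check_key_match() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# make_demo_pki DIR: builds a throwaway CA plus server and client certificates.
# Names and the xpextensions content are constructed for this demo (assumption:
# the page does not show its own xpextensions file).
make_demo_pki() {
    d=$1
    printf '%s\n' '[ xpclient_ext ]' 'extendedKeyUsage = 1.3.6.1.5.5.7.3.2' \
        '[ xpserver_ext ]' 'extendedKeyUsage = 1.3.6.1.5.5.7.3.1' > "$d/xpextensions"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Demo Root CA' \
        -keyout "$d/ca-key.pem" -out "$d/root.pem" 2>/dev/null
    for role in server client; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$role" \
            -keyout "$d/$role-key.pem" -out "$d/$role-csr.pem" 2>/dev/null
        openssl x509 -req -in "$d/$role-csr.pem" -days 30 \
            -CA "$d/root.pem" -CAkey "$d/ca-key.pem" -CAcreateserial \
            -extfile "$d/xpextensions" -extensions "xp${role}_ext" \
            -out "$d/$role-crt.pem" 2>/dev/null
    done
}

# Usage: sh check.sh demo   (runs the checks on a freshly generated demo PKI)
if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d) && make_demo_pki "$dir"
    check_chain "$dir/root.pem" "$dir/server-crt.pem" && echo "server chain ok"
    check_chain "$dir/root.pem" "$dir/client-crt.pem" && echo "client chain ok"
    check_eku "$dir/client-crt.pem" 'TLS Web Client Authentication' && echo "client EKU ok"
    check_key_match "$dir/client-crt.pem" "$dir/client-key.pem" && echo "client key ok"
    rm -rf "$dir"
fi
```

The same three functions can be pointed at real PEM files, with the CA certificate as the first argument to check_chain.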

