On Aug 8, 2005, at 9:39 AM, Landon Cox wrote:
> I'm going to do some experiments later tonight and see if I can
> isolate the success factor.
Back on this topic for a moment...some things I tried to see if I
could break the configuration were:
1) remove the certs from the /etc/ssl/certs directory, restart
FR, no difference - still hooked up fine since the certs are also in
raddb/certs.
I decided to generate a client cert for a Mac box and when I imported
it into the Keychain of OS X, I noticed "This certificate is not yet
valid".
I went back and looked at the output of the certificate generation
and the "validity Not Before" gave a date/time stamp that was 1 hour
in the future (my timezone setting was off by one hour).
But this made me wonder... was the unknown_ca problem caused by the
CA cert having a "Not Valid Before" validity that was in the future
from the real time when it was generated and then initially tested?
Is this a possible cause for an unknown_ca error?
Landon