> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Alan DeKok > > "Dave Huff" <[EMAIL PROTECTED]> wrote: > > rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal > > certificate_unknown TLS Alert read:fatal:certificate unknown > > SSL is telling FreeRADIUS that the certificate sent by the > client is bad. That's what I thought too, but I configured the CA, server, and client certs all on Openssl pretty much like http://www.cisco.com/en/US/products/ps6379/products_configuration_guide_chap ter09186a00805ac269.html
Windows is using the cert I installed from the linux box, at least I have a choice in ProSET. If Windows overrides for some reason, I wouldn't know...can I set a debug mode that would tell me? > > You're probably doing EAP-TLS where the server has one > cert, and the client has cert signed by someone else > entirely. For EAP-TLS to work, the client certs have to be > signed by the server cert. Signed by the server cert or by the CA cert? I have a CA that signed the server and client certs, and the eap.conf file knows where server and CA certs are. Dan > > Alan DeKok. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
