t...@kalik.net wrote: >> So the problem is in certificate: >> >> [tls] <<< TLS 1.0 Handshake [length 038d], Certificate >> --> verify error:num=20:unable to get local issuer certificate >> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca > > That means that you haven't imported self-signed ca certificate onto the > client. > >> # openssl verify -CApath ca.pem client.pem >> client.pem: /C=FR/ST=Radius/O=Example >> Inc./cn=u...@example.com/emailaddress=u...@example.com >> error 20 at 0 depth lookup:unable to get local issuer certificate >> >> >> I'm little bit confused, I created the client certificate using make >> client. > > Which uses server certificate to sign client certificates. > >> Isn't possible that freeradius Makefile is buggy? > > No. Try verify with server certificate (as it is done in Makefile).
# c_rehash . # openssl verify -CApath . client.pem client.pem: OK # openssl verify -CApath . server.pem server.pem: OK Also tried modify wpa_supplicant conf: - ca_cert="ca.pem" + ca_cert="server.pem" But with the same result. -- Tom Key fingerprint = 06C0 23C6 9EB7 0761 9807 65F4 7F6F 7EAB 496B 28AA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html