Jonathan Amiez wrote: > In debian, certs are linked from the snakeoil openSSL certs. > So I removed the links, got the FR sources and copy the raddb/certs contents > into /etc/freeradius/certs. > Then I ran make to generate new certs, but the problem's still there.
You helpfully deleted the one comment that applies here: >> No. It means that the certificate being sent by the client isn't >> known to the server. So... did you put the new CA on the client? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html