Thanks for the reply! Yes, the clients are set with correct time/date.
That command didn't work. Did you mean openssl verify command? I ran that and both the old cert (still valid for a few days) and the new cert (already valid) shows correct domain but then says: error 20 at 0 depth lookup:unable to get local issuer certificate This may not be the problem since I get it with both old and new certs. Any other ideas? On Fri Oct 21 14:56:33 CDT 2011, James J J Hooper <jjj.hoo...@bristol.ac.uk> wrote: > On 21/10/2011 20:44, Eric Geier wrote: >> Hi, I?m trying to update my server?s cert, but getting errors >> after applying it: >> >> Fri Oct 21 12:26:45 2011 : Error: TLS Alert >> read:fatal:certificate >> expired >> Fri Oct 21 12:26:45 2011 : Error: TLS_accept:failed in SSLv3 >> read client certificate A >> Fri Oct 21 12:26:45 2011 : Error: rlm_eap: SSL error >> error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert >> certificate expired >> Fri Oct 21 12:26:45 2011 : Error: rlm_eap_tls: SSL_read failed >> inside of TLS (-1), TLS session fails. >> >> Says expired but I?m using the new cert, which is a renewal from >> a >> third-party CA and using the same private key. I apply it by >> inserting the text of the .crt file into the server-cert.pem file >> in the certs folder. I think that?s all I have to do and restart >> freeradius? >> > > 1) Check the date on the client system is correct > > 2) do: > openssl -in /path/to/your/raddb/server-cert.pem -noout -text > and verify the properties of the cert you have. > > -James > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html