Hi... as i see log says , "Error: TLS Alert read:fatal:unknown CA" . and you need to specify the certificate Authority in your client when testing. Certifcate authority is a File called "CA.pem" once you added to the client error should go away. And make sure debian sever hostname should be same as "commonName" specified in server.cnf
Thank You On 15 September 2012 08:44, austin wonderly <lacrosse1...@gmail.com> wrote: > hello, thanks for the tip, although unfortunately im am still getting > problems :( have included the out of eapol_test right here > http://pastebin.com/8iKsCUfn and also what shows up in the freeradius > logs as well (have included the file names that i currently have in in my > /etc/freeradius/certs directory) http://pastebin.com/MtQDVaWL, would you > guys know of anything that I could do to resolve this? it actually seems > like the same problem that i've been having with the other solutions that I > have tried earlier on (yesterday and today), thanks again for the help too > > > On Fri, Sep 14, 2012 at 9:17 PM, val john <valjohn1...@gmail.com> wrote: > >> Download the tar.gz file form freeradius , in that file , in folder >> "freeradius-server-xxx/raddb/certs" provide very easy way generate certs >> (./bootstrap) , just copy its its content to the freeradius in debian >> "/etc/freeradius/certs/" >> >> Thank you >> >> >> ---------- Forwarded message ---------- >> From: austin wonderly <lacrosse1...@gmail.com> >> Date: 15 September 2012 03:23 >> Subject: generating ssl certs in debian squeeze >> To: freeradius-users@lists.freeradius.org >> >> >> Hello, I was wondering if anyone knew of any tutorials for generating ssl >> certificates for freeradius in debian squeeze? Have been trying to find a >> method that would work over the last few days and have not found a solution >> yet (have probably spent around 6-7 hrs just getting this part to work so >> far), I am trying to setup a radius server to provide eap-ttls >> authentication for a non public network (windows machines, as well linux >> based machines would be on the network), if someone could point me in the >> right direction though or possibly offer some advice I would really >> appreciate it as i've pretty much exhausted my options at this point in >> time. having said that, would there be any downsides to just using the >> "snakeoil" certificates in this type of configuration? thanks >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
