Bringing this back, the main question I have is why do our users need to Trust a certificate when connecting to our Radius Wifi but they don't need to Trust a certificate when connecting to most other WiFi services out there. Why is there a difference?
---
Roberto Ullfig - rull...@uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago

________________________________
From: radiator <radiator-boun...@lists.open.com.au> on behalf of Heikki Vatiainen <h...@open.com.au>
Sent: Wednesday, June 2, 2021 2:33 PM
To: radiator@lists.open.com.au <radiator@lists.open.com.au>
Subject: Re: [RADIATOR] Certificate Not Trusted - InCommon?

On 2.6.2021 21.37, Ullfig, Roberto Alfredo wrote:

> trying to use EAPTLS_CertificateChainFile does not work - we are running
> 4.16 - these errors appear when a user attempts to connect:
>
> Wed Jun 2 13:32:22 2021: ERR: TLS could not load_verify_locations , :

I think this means that EAPTLS_CAFile and EAPTLS_CAPath are both undefined. The optional configuration changes I mentioned only work with Radiator 4.20 or later. There you can leave them both unset when EAPTLS_NoClientCert is also set.

You can leave EAPTLS_CAFile as it was while setting EAPTLS_CertificateChainFile. The chain file has all certificates (Radiator's and intermediate CAs) the client requires and EAPTLS_CAFile remains unused because client certificates are not used.

Note: this assumes EAP-TLS is not used. With EAP-TLS, client certificate settings are required as usual.

> 16422: 1 - error:25066067:DSO support routines:DLFCN_LOAD:could not
> load the shared library
> 16422: 2 - error:25070067:DSO support routines:DSO_load:could not load
> the shared library
> 16422: 3 - error:260B6084:engine routines:DYNAMIC_LOAD:dso not found
> 16422: 4 - error:2606A074:engine routines:ENGINE_by_id:no such engine

The above show the errors that are caused by not being able to load CA file or path.

Thanks,
Heikki

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc.
Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
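
The setups discussed in Heikki's reply above, written out as a Radiator configuration sketch. This is an added example, not configuration posted in the thread; the file paths, the `<AuthBy FILE>` clause, `EAPType PEAP` and `EAPTLS_PrivateKeyFile` lines are assumptions, and all other parameters are omitted.

```conf
# Constructed Radiator fragments. Paths are placeholders; parameters
# unrelated to the TLS certificate settings are left out.

# (1) The condition the reply identifies behind
#     "ERR: TLS could not load_verify_locations":
#     EAPTLS_CAFile and EAPTLS_CAPath are both undefined.
<AuthBy FILE>
    EAPType PEAP
    EAPTLS_CertificateChainFile /path/to/server-and-intermediates.pem
    EAPTLS_PrivateKeyFile /path/to/server.key
</AuthBy>

# (2) Radiator 4.16: leave EAPTLS_CAFile as it was and add the chain file.
#     The chain file holds Radiator's certificate plus the intermediate
#     CA certificates the client requires. EAPTLS_CAFile stays unused
#     because client certificates are not used.
<AuthBy FILE>
    EAPType PEAP
    EAPTLS_CAFile /path/to/ca.pem
    EAPTLS_CertificateChainFile /path/to/server-and-intermediates.pem
    EAPTLS_PrivateKeyFile /path/to/server.key
</AuthBy>

# (3) Radiator 4.20 or later: EAPTLS_CAFile and EAPTLS_CAPath may both be
#     left unset when EAPTLS_NoClientCert is also set.
#     Not applicable when EAP-TLS is used, where client certificate
#     settings are required as usual.
<AuthBy FILE>
    EAPType PEAP
    EAPTLS_NoClientCert
    EAPTLS_CertificateChainFile /path/to/server-and-intermediates.pem
    EAPTLS_PrivateKeyFile /path/to/server.key
</AuthBy>
```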