Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK.
Download Freeradius 2.0 and use certificate creation script from there. They should be OK for 1.1.7 too. Ivan Kalik Kalik Informatika ISP Dana 20/11/2007, Patrice Oliver [EMAIL PROTECTED] piše: Hello, I looked at the event viewer. No information. Yesterday, I made a test of certificates / key exchanges on the server used to generate them : In a session : *openssl s_server -accept 4433 -no_ssl2 -no_dhe -cert server.pem -key server.pem -CAfile root.pem -msg -WWW -Verify 1* In another session : *openssl s_client -connect 127.0.0.1:4433 -msg -cert mobile.pem -key mobile.pem* == Unable to verify the first certificate So I think the procedure used to generate the certificates is bad, and while I get this result, the connexion will not establish. What's your opinion ? Regards. [EMAIL PROTECTED] a écrit : And have a look at the Event Viewer. Is anything recorded when conversation stops? Ivan Kalik Kalik Informatika ISP Dana 16/11/2007, Patrice Oliver [EMAIL PROTECTED] piše: [EMAIL PROTECTED] a écrit : Sort of. Official CA is already in the store. You just have to add yours in there. Windows doesn't get on with .pem very well so import p12 version. Is your root certificate listed in Trusted Root CA store? Also your client cert should be in Personal. Yes for trusted root ca store. I will try with .p12 file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *Hospices Civils de Beaune* *Patrice OLIVER* /Chef de Projet Ville Hôpital/ /Responsable Réseau Sécurité/ BP 104 21203 BEAUNE Cedex Tél. 03 80 24 44 09 Fax. 03 80 24 45 90 Ce message, y compris les pie`ces jointes, est établi a` l'attention exclusive de son ou ses destinataires et est confidentiel. Toute utilisation non conforme a` sa destination, toute diffusion ou publication, totale ou partielle, est interdite sauf autorisation expresse de l'expéditeur. Si vous n'e^tes pas le destinataire de ce message, merci d'avertir l'expéditeur de l'erreur de distribution puis de le détruire. Tout message électronique est susceptible d'altération et son intégrité ne peut e^tre assurée. L'expéditeur décline toute responsabilité dans l'hypothe`se ou` il aurait été modifié ou falsifié. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK.
Hello, I don't find version 2.0 at this location : http://www.freeradius.org/download.html Only the 1.1.7 Cordialement, Patrice OLIVER Chef du Projet Ville Hôpital Responsable Réseaux Sécurité HOSPICES CIVILS DE BEAUNE Service Informatique BP 104 21203 BEAUNE CEDEX Tél. 33 3 80 24 44 09 Fax 33 3 80 24 45 90 -Original Message- From: [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Tue, 20 Nov 2007 12:48:48 +0100 Subject: Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK. Download Freeradius 2.0 and use certificate creation script from there. They should be OK for 1.1.7 too. Ivan Kalik Kalik Informatika ISP Dana 20/11/2007, Patrice Oliver [EMAIL PROTECTED] pi¹e: Hello, I looked at the event viewer. No information. Yesterday, I made a test of certificates / key exchanges on the server used to generate them : In a session : *openssl s_server -accept 4433 -no_ssl2 -no_dhe -cert server.pem -key server.pem -CAfile root.pem -msg -WWW -Verify 1* In another session : *openssl s_client -connect 127.0.0.1:4433 -msg -cert mobile.pem -key mobile.pem* == Unable to verify the first certificate So I think the procedure used to generate the certificates is bad, and while I get this result, the connexion will not establish. What's your opinion ? Regards. [EMAIL PROTECTED] a écrit : And have a look at the Event Viewer. Is anything recorded when conversation stops? Ivan Kalik Kalik Informatika ISP Dana 16/11/2007, Patrice Oliver [EMAIL PROTECTED] pi¹e: [EMAIL PROTECTED] a écrit : Sort of. Official CA is already in the store. You just have to add yours in there. Windows doesn't get on with .pem very well so import p12 version. Is your root certificate listed in Trusted Root CA store? Also your client cert should be in Personal. Yes for trusted root ca store. I will try with .p12 file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *Hospices Civils de Beaune* *Patrice OLIVER* /Chef de Projet Ville Hôpital/ /Responsable Réseau Sécurité/ BP 104 21203 BEAUNE Cedex Tél. 03 80 24 44 09 Fax. 03 80 24 45 90 Ce message, y compris les pie`ces jointes, est établi a` l'attention exclusive de son ou ses destinataires et est confidentiel. Toute utilisation non conforme a` sa destination, toute diffusion ou publication, totale ou partielle, est interdite sauf autorisation expresse de l'expéditeur. Si vous n'e^tes pas le destinataire de ce message, merci d'avertir l'expéditeur de l'erreur de distribution puis de le détruire. Tout message électronique est susceptible d'altération et son intégrité ne peut e^tre assurée. L'expéditeur décline toute responsabilité dans l'hypothe`se ou` il aurait été modifié ou falsifié. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK.
http://www.freeradius.org/press/index.html#freeradius-2.0.0-pre2 Dana 20/11/2007, OLIVER Patrice [EMAIL PROTECTED] piše: Hello, I don't find version 2.0 at this location : http://www.freeradius.org/download.html Only the 1.1.7 Cordialement, Patrice OLIVER Chef du Projet Ville Hôpital Responsable Réseaux Sécurité HOSPICES CIVILS DE BEAUNE Service Informatique BP 104 21203 BEAUNE CEDEX Tél. 33 3 80 24 44 09 Fax 33 3 80 24 45 90 -Original Message- From: [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Tue, 20 Nov 2007 12:48:48 +0100 Subject: Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK. Download Freeradius 2.0 and use certificate creation script from there. They should be OK for 1.1.7 too. Ivan Kalik Kalik Informatika ISP Dana 20/11/2007, Patrice Oliver [EMAIL PROTECTED] piše: Hello, I looked at the event viewer. No information. Yesterday, I made a test of certificates / key exchanges on the server used to generate them : In a session : *openssl s_server -accept 4433 -no_ssl2 -no_dhe -cert server.pem -key server.pem -CAfile root.pem -msg -WWW -Verify 1* In another session : *openssl s_client -connect 127.0.0.1:4433 -msg -cert mobile.pem -key mobile.pem* == Unable to verify the first certificate So I think the procedure used to generate the certificates is bad, and while I get this result, the connexion will not establish. What's your opinion ? Regards. [EMAIL PROTECTED] a écrit : And have a look at the Event Viewer. Is anything recorded when conversation stops? Ivan Kalik Kalik Informatika ISP Dana 16/11/2007, Patrice Oliver [EMAIL PROTECTED] piše: [EMAIL PROTECTED] a écrit : Sort of. Official CA is already in the store. You just have to add yours in there. Windows doesn't get on with .pem very well so import p12 version. Is your root certificate listed in Trusted Root CA store? Also your client cert should be in Personal. Yes for trusted root ca store. I will try with .p12 file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *Hospices Civils de Beaune* *Patrice OLIVER* /Chef de Projet Ville Hôpital/ /Responsable Réseau Sécurité/ BP 104 21203 BEAUNE Cedex Tél. 03 80 24 44 09 Fax. 03 80 24 45 90 Ce message, y compris les pie`ces jointes, est établi a` l'attention exclusive de son ou ses destinataires et est confidentiel. Toute utilisation non conforme a` sa destination, toute diffusion ou publication, totale ou partielle, est interdite sauf autorisation expresse de l'expéditeur. Si vous n'e^tes pas le destinataire de ce message, merci d'avertir l'expéditeur de l'erreur de distribution puis de le détruire. Tout message électronique est susceptible d'altération et son intégrité ne peut e^tre assurée. L'expéditeur décline toute responsabilité dans l'hypothe`se ou` il aurait été modifié ou falsifié. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK.
Ok, Thanks Cordialement, Patrice OLIVER Chef du Projet Ville Hôpital Responsable Réseaux Sécurité HOSPICES CIVILS DE BEAUNE Service Informatique BP 104 21203 BEAUNE CEDEX Tél. 33 3 80 24 44 09 Fax 33 3 80 24 45 90 -Original Message- From: [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Tue, 20 Nov 2007 15:41:57 +0100 Subject: Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK. http://www.freeradius.org/press/index.html#freeradius-2.0.0-pre2 Dana 20/11/2007, OLIVER Patrice [EMAIL PROTECTED] pi¹e: Hello, I don't find version 2.0 at this location : http://www.freeradius.org/download.html Only the 1.1.7 Cordialement, Patrice OLIVER Chef du Projet Ville Hôpital Responsable Réseaux Sécurité HOSPICES CIVILS DE BEAUNE Service Informatique BP 104 21203 BEAUNE CEDEX Tél. 33 3 80 24 44 09 Fax 33 3 80 24 45 90 -Original Message- From: [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Tue, 20 Nov 2007 12:48:48 +0100 Subject: Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK. Download Freeradius 2.0 and use certificate creation script from there. They should be OK for 1.1.7 too. Ivan Kalik Kalik Informatika ISP Dana 20/11/2007, Patrice Oliver [EMAIL PROTECTED] pi¹e: Hello, I looked at the event viewer. No information. Yesterday, I made a test of certificates / key exchanges on the server used to generate them : In a session : *openssl s_server -accept 4433 -no_ssl2 -no_dhe -cert server.pem -key server.pem -CAfile root.pem -msg -WWW -Verify 1* In another session : *openssl s_client -connect 127.0.0.1:4433 -msg -cert mobile.pem -key mobile.pem* == Unable to verify the first certificate So I think the procedure used to generate the certificates is bad, and while I get this result, the connexion will not establish. What's your opinion ? Regards. [EMAIL PROTECTED] a écrit : And have a look at the Event Viewer. Is anything recorded when conversation stops? Ivan Kalik Kalik Informatika ISP Dana 16/11/2007, Patrice Oliver [EMAIL PROTECTED] pi¹e: [EMAIL PROTECTED] a écrit : Sort of. Official CA is already in the store. You just have to add yours in there. Windows doesn't get on with .pem very well so import p12 version. Is your root certificate listed in Trusted Root CA store? Also your client cert should be in Personal. Yes for trusted root ca store. I will try with .p12 file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *Hospices Civils de Beaune* *Patrice OLIVER* /Chef de Projet Ville Hôpital/ /Responsable Réseau Sécurité/ BP 104 21203 BEAUNE CedexTél. 03 80 24 44 09 Fax. 03 80 24 45 90 Ce message, y compris les pie`ces jointes, est établi a` l'attention exclusive de son ou ses destinataires et est confidentiel. Toute utilisation non conforme a` sa destination, toute diffusion ou publication, totale ou partielle, est interdite sauf autorisation expresse de l'expéditeur. Si vous n'e^tes pas le destinataire de ce message, merci d'avertir l'expéditeur de l'erreur de distribution puis de le détruire. Tout message électronique est susceptible d'altération et son intégrité ne peut e^tre assurée. L'expéditeur décline toute responsabilité dans l'hypothe`se ou` il aurait été modifié ou falsifié. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK.
Hello, I looked at the event viewer. No information. Yesterday, I made a test of certificates / key exchanges on the server used to generate them : In a session : *openssl s_server -accept 4433 -no_ssl2 -no_dhe -cert server.pem -key server.pem -CAfile root.pem -msg -WWW -Verify 1* In another session : *openssl s_client -connect 127.0.0.1:4433 -msg -cert mobile.pem -key mobile.pem* == Unable to verify the first certificate So I think the procedure used to generate the certificates is bad, and while I get this result, the connexion will not establish. What's your opinion ? Regards. [EMAIL PROTECTED] a écrit : And have a look at the Event Viewer. Is anything recorded when conversation stops? Ivan Kalik Kalik Informatika ISP Dana 16/11/2007, Patrice Oliver [EMAIL PROTECTED] piše: [EMAIL PROTECTED] a écrit : Sort of. Official CA is already in the store. You just have to add yours in there. Windows doesn't get on with .pem very well so import p12 version. Is your root certificate listed in Trusted Root CA store? Also your client cert should be in Personal. Yes for trusted root ca store. I will try with .p12 file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *Hospices Civils de Beaune* *Patrice OLIVER* /Chef de Projet Ville Hôpital/ /Responsable Réseau Sécurité/ BP 104 21203 BEAUNE Cedex Tél. 03 80 24 44 09 Fax. 03 80 24 45 90 Ce message, y compris les pie`ces jointes, est établi a` l'attention exclusive de son ou ses destinataires et est confidentiel. Toute utilisation non conforme a` sa destination, toute diffusion ou publication, totale ou partielle, est interdite sauf autorisation expresse de l'expéditeur. Si vous n'e^tes pas le destinataire de ce message, merci d'avertir l'expéditeur de l'erreur de distribution puis de le détruire. Tout message électronique est susceptible d'altération et son intégrité ne peut e^tre assurée. L'expéditeur décline toute responsabilité dans l'hypothe`se ou` il aurait été modifié ou falsifié. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [SPAM] Re: [SPAM] Re: [SPAM] Re: EAP-TLS does not sendan accessOK.
And have a look at the Event Viewer. Is anything recorded when conversation stops? Ivan Kalik Kalik Informatika ISP Dana 16/11/2007, Patrice Oliver [EMAIL PROTECTED] piše: [EMAIL PROTECTED] a écrit : Sort of. Official CA is already in the store. You just have to add yours in there. Windows doesn't get on with .pem very well so import p12 version. Is your root certificate listed in Trusted Root CA store? Also your client cert should be in Personal. Yes for trusted root ca store. I will try with .p12 file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html