Have you opened the certificates you believe to be the latest in something else
(like Windows perhaps) and checked that the expiry dates of these certificates
is correct?
And have you checked that your server's time is correct too?
Stefan
From:
freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.orgmailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org
[mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org]
On Behalf Of Muhammad Nadeem
Sent: 19 July 2013 11:24
To: FreeRadius users mailing list
Subject: Re: certificate expiration proble
thanx for you reply, but as i said certificates are ok. Please see this log
[tls] -- User-Name =
0026826172C4@test_cpe.commailto:0026826172C4@test_cpe.com
[tls] -- BUF-Name = wi-tribe Pakistan Certification Authority
[tls] -- subject = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan
limited/OU=Network Operations/CN=wi-tribe Pakistan Certification
Authority/emailAddress=pkwi...@pk.wi-tribe.commailto:pkwi...@pk.wi-tribe.com
[tls] -- issuer = /C=PK/ST=Fedral Capital/L=Islamabad/O=wi-tribe Pakistan
limited/OU=Network Operations/CN=wi-tribe Pakistan Certification
Authority/emailAddress=pkwi...@pk.wi-tribe.commailto:pkwi...@pk.wi-tribe.com
[tls] -- verify return:1
-- verify error:num=10:certificate has expired
[tls] TLS 1.0 Alert [length 0002], fatal certificate_expired
TLS Alert write:fatal:certificate expired
TLS_accept: error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned
thanks
On Fri, Jul 19, 2013 at 2:58 PM,
a.l.m.bu...@lboro.ac.ukmailto:a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I am trying to configure eap with some customized certificates, I have
configured eap.config correctly.
But I am getting the error of certificate expired. Although i have the
latest certificates.
certificate has expired. FreeRADIUS has no reason to lie.
check the startup output of 'radiusd -X' - look for when it loads the certs.
then use openssl to read those certs to see what the values are - server cert,
CA certor client cert. whatever you're using eg
openssl x509 -in server.pem -noout -text
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Best Regards
Muhammad Nadeem
Muhammad Ali Jinnah University
--
This e-mail and any attachments may contain confidential, copyright and or
privileged material, and are for the use of the intended addressee only. If you
are not the intended addressee or an authorised recipient of the addressee
please notify us of receipt by returning the e-mail and do not use, copy,
retain, distribute or disclose the information in or attached to the e-mail.
Any opinions expressed within this e-mail are those of the individual and not
necessarily of Diamond Light Source Ltd.
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments
are free from viruses and we cannot accept liability for any damage which you
may sustain as a result of software viruses which may be transmitted in or with
the message.
Diamond Light Source Limited (company no. 4375679). Registered in England and
Wales with its registered office at Diamond House, Harwell Science and
Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html