re: Client certs with MSCHAPV2 in PEAP

2006-02-27 Thread Norbert Wegener
"Dave Huff" <http://lists.freeradius.org/mailman/listinfo/freeradius-users> wrote: > > For EAP-TLS to work, the client certs have to be > > signed by the server cert. > Signed by the server cert or by the CA cert? I have a CA that signed the > server and client certs, and the eap.conf

Re: Client certs with MSCHAPV2 in PEAP

2006-02-23 Thread Alan DeKok
Robert Myers <[EMAIL PROTECTED]> wrote: > The reason I ask, is that I'm using a client cert signed by my CA to do > eap/tls, and it's working. I have not implemented the server cert as of > yet. Then it *should* work with PEAP. But I don't know of many people that use client certs with PEAP.

Re: Client certs with MSCHAPV2 in PEAP

2006-02-23 Thread Robert Myers
Does this only apply if the supplicant uses a server cert during eap/tls? The reason I ask, is that I'm using a client cert signed by my CA to do eap/tls, and it's working. I have not implemented the server cert as of yet. -Bob Alan DeKok wrote: "Dave Huff" <[EMAIL PROTECTED]> wrote: Fo

Re: Client certs with MSCHAPV2 in PEAP

2006-02-23 Thread Alan DeKok
"Dave Huff" <[EMAIL PROTECTED]> wrote: > > For EAP-TLS to work, the client certs have to be > > signed by the server cert. > Signed by the server cert or by the CA cert? I have a CA that signed the > server and client certs, and the eap.conf file knows where server and CA > certs are. If you'r

RE: Client certs with MSCHAPV2 in PEAP

2006-02-23 Thread Dave Huff
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Alan DeKok > > "Dave Huff" <[EMAIL PROTECTED]> wrote: > > rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal > > certificate_unknown TLS Alert read:fatal:certificate unknown > > SSL is tellin

Re: Client certs with MSCHAPV2 in PEAP

2006-02-22 Thread Alan DeKok
"Dave Huff" <[EMAIL PROTECTED]> wrote: > rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal > certificate_unknown > TLS Alert read:fatal:certificate unknown SSL is telling FreeRADIUS that the certificate sent by the client is bad. You're probably doing EAP-TLS where the server has one cer

RE: Client certs with MSCHAPV2 in PEAP

2006-02-22 Thread Dave Huff
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Alan DeKok > > "Dave Huff" <[EMAIL PROTECTED]> wrote: > > I would like to configure this setup using Freeradius. My WinXP > > client (Intel ProSET) supports this, but FR chokes on it > when enab

Re: Client certs with MSCHAPV2 in PEAP

2006-02-22 Thread Alan DeKok
"Dave Huff" <[EMAIL PROTECTED]> wrote: > I would like to configure this setup using Freeradius. My WinXP client > (Intel ProSET) supports this, but FR chokes on it when enabled. Would you be willing to run the server in debugging mode, as suggested in the FAQ, README, INSTALL, and daily on this

Re: Client certs with MSCHAPV2 in PEAP

2006-02-22 Thread Robert Myers
Looks like that's set in the users file. As the entry for that email says DEFAULT. Dave Huff wrote: I would like to configure this setup using Freeradius. My WinXP client (Intel ProSET) supports this, but FR chokes on it when enabled. I've got PEAP-EAP-MSCHAPV2 working with just password