Hi,
Been working for 8 hours configuring FreeRADIUS as an experiment to learn, and better secure my green network AP.
All went pretty well, AP is communicating with the server, and I’ve set it to use TLS only for better security.
I have a TLS version issue that I will resolve later, but I want to get it working before tightening the security.
So my main problem is that it seems that the server cannot resolve the client name to open the proper cert file for validation, as the error suggests. But I can’t find why. Maybe someone could point out my error or somewhere I can look for any clues? Could it be a file permission issue?
Thx and have a nice day.
Error code snippet:
…
(7) eap_tls: TLS-Client-Cert-Common-Name := “PsycO”
(7) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage += “TLS Web Client Authentication”
(7) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage-OID += “1.3.6.1.5.5.7.3.2”
(7) eap_tls: Verifying client certificate: /usr/bin/openssl verify -CAfile /etc/raddb/certs %{TLS-Client-Cert-Filename}
(7) eap_tls: Executing: /usr/bin/openssl verify -CAfile /etc/raddb/certs %{TLS-Client-Cert-Filename}:
(7) eap_tls: EXPAND %{TLS-Client-Cert-Filename}
(7) eap_tls: --> /tmp/radiusd/radiusd.client.XXcGNa2O
Error loading file /etc/raddb/certs
(7) eap_tls: ERROR: Program returned code (1) and output ‘’
tls: Certificate CN (PsycO) fails external verification!
(7) eap_tls: >>> send TLS 1.0 Alert [length 0002], fatal internal_error
(7) eap_tls: ERROR: TLS Alert write:fatal:internal error
tls: TLS_accept: Error in error
(7) eap_tls: ERROR: Failed in FUNCTION (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
(7) eap_tls: ERROR: System call (I/O) error (-1)
(7) eap_tls: ERROR: TLS receive handshake failed during operation
(7) eap_tls: ERROR: [eaptls process] = fail
(7) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed
…