On 8/6/05, Shane Stixrud <[EMAIL PROTECTED]> wrote: > I am attempting to use xsupplicant to connect my fedora 4 laptop to a Open > / static wep / eap-tls enabled cisco wireless network with Cisco ACS > radius server and a Microsoft CA, everything works fine if I just use wep > and avoid EAP-TLS. > > My xsupplicant configuration files seems to be correct, however my > authentication requests fail during an openssl handshake to my radius > server with the following error: > > [AUTH TYPE] --- SSL_verify : depth 1 > [AUTH TYPE] --- SSL_verify error : num=19:self signed certificate in > certificate chain:depth=1:/DC=org/DC=vmmc/DC=vmad/CN=vmad1 > [AUTH TYPE] --- SSL : SSLv3 read server certificate B > [AUTH TYPE] --- ALERT : unknown CA > [AUTH TYPE] --- SSL : SSLv3 read server certificate B > OpenSSL Error -- error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > Failure! >
Look at your eap.conf, section tls, CA_file parameter. Is CA_file pointing to the certificate of the CA that signed your user certificate? Michael ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
