Hello, I'm currently running Radiator 4.7 on SUSE Linux with OpenSSL 0.9.8h. I've had this running for years without any problems (albeit different versions). Now that I have to begin using Chain Certificates with my CA, I'm stuck. I know for a fact that my private key and server certificate share the same modulus and exponent. The private key also works fine. I was also given all the correct CA and Chain certificates from Thawte, so I'm confident I'm OK there. The certificates work fine when installed on a Cisco ACS server. I also tried another set of certificates from Entrust, and received the same exact errors. The only way I can get this configuration to work with the new certificates is to use configuration #1, and not have the wireless client validate the server cert. Obviously, not a solution.
Any help or suggestions are greatly appreciated.

Configuration #1:

EAPType TTLS
EAPTLS_CertificateType PEM
EAPTLS_CAFile %D/certificates/cert/thawte.Premium.Root.CA.pem
#EAPTLS_CertificateChainFile %D/certificates/cert/thawte.SSL123bundle.pem [disabled]
EAPTLS_CertificateFile %D/certificates/cert/wirelesscert.pem
EAPTLS_PrivateKeyFile %D/certificates/cert/thawtekey.pem
EAPTLS_PrivateKeyPassword xxxx

I get this error, which I would expect to receive without a chain cert in the configuration and the client wanting to validate the server cert.

Tue Nov 2 12:02:35 2010: DEBUG: EAP TTLS SSL_accept result: 0, 1, 8576
Tue Nov 2 12:02:35 2010: DEBUG: EAP result: 1, EAP TTLS Handshake unsuccessful: 23668: 1 - error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Tue Nov 2 12:02:35 2010: DEBUG: AuthBy FILE result: REJECT, EAP TTLS Handshake unsuccessful: 23668: 1 - error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Tue Nov 2 12:02:35 2010: INFO: Access rejected for tsd7notebook: EAP TTLS Handshake unsuccessful: 23668: 1 - error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Configuration #2:

EAPType TTLS
EAPTLS_CertificateType PEM
EAPTLS_CAFile %D/certificates/cert/thawte.Premium.Root.CA.pem
EAPTLS_CertificateChainFile %D/certificates/cert/thawte.SSL123bundle.pem [enabled]
EAPTLS_CertificateFile %D/certificates/cert/wirelesscert.pem
EAPTLS_PrivateKeyFile %D/certificates/cert/thawtekey.pem
EAPTLS_PrivateKeyPassword xxxx

I get this error:

Tue Nov 2 12:03:58 2010: ERR: TLS could not use_PrivateKey_file %D/certificates/cert/thawtekey.pem, 1: 23681: 1 - error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Thanks,
Steve

Stephen A Felicetti
Fox Chase Cancer Center
Director, Information Security
stephen.felice...@fccc.edu
215-728-2956
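
A diagnostic for the "key values mismatch" error in Configuration #2, added here as an example and not part of the original post: it compares the private key's modulus with the modulus of the first certificate in each PEM file, since `openssl x509` reads only the first certificate in a file. It assumes the chain file is loaded through OpenSSL's chain-file routine (`SSL_CTX_use_certificate_chain_file`), which treats the first certificate in the file as the server's own. The file names, subjects and the `make_sample` helper are constructed for the demonstration; substitute the real certificate, bundle and key paths.

```shell
#!/bin/sh
# Added example. Checks which certificate OpenSSL would pair with the private
# key when a PEM file holding several certificates is loaded as a chain file.

# Modulus of the FIRST certificate in a PEM file (openssl x509 reads only that one).
cert_modulus() { openssl x509 -noout -modulus -in "$1" 2>/dev/null; }

# Modulus of an RSA private key.
key_modulus() { openssl rsa -noout -modulus -in "$1" 2>/dev/null; }

# Number of certificates in a PEM bundle.
pem_cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# 0: first certificate matches the key; 1: mismatch; 2: a file could not be parsed.
first_cert_matches_key() {
    c=$(cert_modulus "$1") || return 2
    k=$(key_modulus "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build constructed sample files in directory $1: a throwaway server key and
# certificate plus a stand-in "intermediate" (self-signed, used for ordering only).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=radius.example.test" \
        -keyout "$1/key.pem" -out "$1/server.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Intermediate" \
        -keyout "$1/ca.key" -out "$1/intermediate.pem" 2>/dev/null
    cp "$1/intermediate.pem" "$1/chain_intermediates_only.pem"
    cat "$1/server.pem" "$1/intermediate.pem" > "$1/chain_leaf_first.pem"
}

# Print, for each sample file, how many certificates it holds and whether the
# first one belongs to the private key.
report() {
    for f in "$1/server.pem" "$1/chain_intermediates_only.pem" "$1/chain_leaf_first.pem"; do
        if first_cert_matches_key "$f" "$1/key.pem"; then r="first cert matches key"
        else r="first cert does NOT match key"; fi
        echo "$(basename "$f"): $(pem_cert_count "$f") cert(s), $r"
    done
}

tmp=$(mktemp -d) && make_sample "$tmp" && report "$tmp"
rm -rf "$tmp"
```

A bundle that holds only CA certificates reports a mismatch here even though the server certificate and key pair up correctly on their own.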