[RADIATOR] Can't get chain certificates to work

2010-11-04 Thread Stephen A. Felicetti
Hello, I'm currently running Radiator 4.7 on SUSE linux with OpenSSL 0.9.8h. I've had this running for years without any problems (albeit different versions). Now that I have to begin using Chain Certificates with my CA, I'm stuck. I know for a fact that the my private key and server certifica

Re: [RADIATOR] Can't get chain certificates to work

2010-11-04 Thread Andrew D. Clark
I had trouble getting this to work as well. The problem turned out to be the order of certificates in the chain. They usually come, from top to bottom in the file, root CA, signing CA, your cert. It looks like the way Radiator wants it is your cert, followed by the signing CA. Try reversing

Re: [RADIATOR] Can't get chain certificates to work

2010-11-04 Thread Stephen A. Felicetti
Thanks for the response. But, I continue to get the "X509_check_private_key:key values mismatch" anytime I use the certificatechain configuration line. I've tried many combinations of certificates in the file, with all the same results. On Nov 4, 2010, at 12:50 PM, Andrew D. Clark wrote: I ha

Re: [RADIATOR] Can't get chain certificates to work

2010-11-04 Thread David Zych
> EAPType TTLS > EAPTLS_CertificateType PEM > EAPTLS_CAFile %D/certificates/cert/thawte.Premium.Root.CA.pem > EAPTLS_CertificateChainFile %D/certificates/cert/thawte.SSL123bundle.pem > [enabled] > EAPTLS_CertificateFile %D/certificates/cert/wirelesscert.pem > EAPTLS_PrivateKeyFile %D/certificates

Re: [RADIATOR] WLAN EAP-TLS auth issue

2010-11-04 Thread Markus Moeller
That solved it. Why is this not the default ? Thank you Markus - Original Message - From: "Sami Keski-Kasari" To: "Markus Moeller" ; Sent: Wednesday, November 03, 2010 9:07 PM Subject: Re: [RADIATOR] WLAN EAP-TLS auth issue > Have you tried EAPTLS_SessionResumption 0? > > -- > Sami

Re: [RADIATOR] Can't get chain certificates to work

2010-11-04 Thread Stephen A. Felicetti
If I exclude the EAPTLS_CAFile, I get the following error: Thu Nov 4 16:06:42 2010: ERR: TLS could not load_verify_locations , : Thu Nov 4 16:06:42 2010: DEBUG: EAP result: 1, EAP TTLS Could not initialise context Thu Nov 4 16:06:42 2010: DEBUG: AuthBy FILE result: REJECT, EAP TTLS Could not

Re: [RADIATOR] Can't get chain certificates to work

2010-11-04 Thread David Zych
On 1:59 PM, Stephen A. Felicetti wrote: > On Nov 4, 2010, at 3:32 PM, David Zych wrote: >> >> I fought with this same issue and eventually discovered that the >> Radiator documentation is misleading: including both an >> EAPTLS_CertificateFile (for the server cert) and an >> EAPTLS_CertificateChain

Re: [RADIATOR] WLAN EAP-TLS auth issue

2010-11-04 Thread Hugh Irvine
Hello Markus - Because most people want it enabled. regards Hugh On 5 Nov 2010, at 06:45, Markus Moeller wrote: > That solved it. Why is this not the default ? > > Thank you > Markus > > - Original Message - > From: "Sami Keski-Kasari" > To: "Markus Moeller" ; > Sent: Wednesday

Re: [RADIATOR] WLAN EAP-TLS auth issue

2010-11-04 Thread Markus Moeller
Ok. Fair point. Thank you Markus - Original Message - From: "Hugh Irvine" To: "Markus Moeller" Cc: "Sami Keski-Kasari" ; Sent: Thursday, November 04, 2010 10:35 PM Subject: Re: [RADIATOR] WLAN EAP-TLS auth issue Hello Markus - Because most people want it enabled. regards Hugh