(RADIATOR) Problem with public certificate

Fernando Romao fromao at fe.up.pt
Wed Aug 29 04:17:38 CDT 2007 

Hi,

 

I purchase a public wildcard certificate for our ALTEON load balancer and
i'm trying to use it on the RADIATOR server for PEAP wireless users validate
the server. But I'm having an error during the authentication.

Error:

---------------

Tue Aug 28 17:55:49 2007: ERR: EAP PEAP TLS read failed:  26626: 1 -
error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied

 

Tue Aug 28 17:55:49 2007: DEBUG: EAP result: 1, EAP PEAP TLS read failed

Tue Aug 28 17:55:49 2007: DEBUG: AuthBy FILE result: REJECT, EAP PEAP TLS
read failed

Tue Aug 28 17:55:49 2007: INFO: Access rejected for romao: EAP PEAP TLS read
failed

Tue Aug 28 17:55:49 2007: DEBUG: Packet dump:

*** Sending to 172.20.51.48 port 1645 ....

Code:       Access-Reject

Identifier: 189

Authentic:  <0>/slhS<178><248><186>M<127><197><245>q<172><146>

Attributes:

        Reply-Message = "EAP PEAP TLS read failed"

-----------------

 

This are the certificate extensions, is missing some special extension? If
not what could be the problem?

Thanks

Fernando

 

-----------

        X509v3 extensions:

            X509v3 Authority Key Identifier: 

 
keyid:7D:6D:2A:EC:66:AB:A7:51:36:AB:02:69:F1:70:8F:C4:59:0B:9A:1F

 

            Authority Information Access: 

                CA Issuers -
URI:http://secure.globalsign.net/cacert/orgv1.crt

 

            X509v3 CRL Distribution Points: 

                URI:http://crl.globalsign.net/OrganizationVal1.crl

 

            X509v3 Subject Key Identifier: 

                94:18:C5:D6:93:DD:96:D2:97:93:52:55:75:D7:36:86:DA:F5:62:43

            X509v3 Basic Constraints: 

                CA:FALSE

            X509v3 Key Usage: critical

                Digital Signature, Key Encipherment

            X509v3 Extended Key Usage: 

                TLS Web Server Authentication, TLS Web Client
Authentication, Microsoft Server Gated Crypto

            X509v3 Certificate Policies: 

                Policy: 1.3.6.1.4.1.4146.1.20

                  CPS: http://www.globalsign.net/repository/

 

            Netscape Cert Type: 

                SSL Client, SSL Server

    Signature Algorithm: sha1WithRSAEncryption

 

---------------------

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20070829/a19d3ce2/attachment.html>

More information about the radiator mailing list