[RADIATOR] Server 2008 R2 x64 - radsec certificate verify failed
hvn at open.com.au
Thu Dec 15 04:56:37 CST 2011
On 12/14/2011 05:21 PM, Röver, Christian wrote:
> The posted logfile is the full trace 4 logging and the config I posted
> before is the complete config (I only cut the descriptions and the lines that
> were commented out).
> The certificates are all valid and have been verified by the toplevel-ca.
> Maybe it is useful to know, that we have our own CA.
> Our CA is the lowest in a row of three CAs. The CA-files are all stored in
> the CAPath-folder together with our own CA's chain file.
You could try TLS_CAFile instead of TLS_CAPath. Please see below for more.
> The error message tells about problems with the verification of a
> certificate. Is there any need to use the CA-files directly instead of the
If you use CAPath, the certificate files are accessed by CA subject name
hash. In most cases this means there's a symbolic link like this:
lrwxrwxrwx 1 root root 20 2011-10-13 16:42 ddc328ff.0 ->
See this for how to use command c_rehash to create the links:
Instead of using TLS_CAPath you can put all CA certificates in one file
and point TLS_CAFile to that file. That might be easier than maintaining the
symbolic links for all required certificates.
> Another question is: we use eaptls for the communication with our ldap
> server (this works!), but we have to use TLS for radsec with the toplevel
> server. Might there be a problem?
Sorry, I did not quite understand this. You can use SSL or TLS for LDAP
connections from Radiator without worries with RadSec.
I also just noticed you use AuthBy RADIUS too. Are you proxying PEAP and
TTLS inner authentication via RADIUS?
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
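
The single-file alternative suggested in the reply above, as an added example that is not part of the original message and is not Radiator code: it collects every PEM certificate from a CA folder into one file that TLS_CAFile could point to, writing a certificate only once even when it appears both on its own and in a chain file. The function names, file names and the sample "certificates" (constructed placeholder blobs, not real X.509 data) are assumptions.

```python
import hashlib
import re
import ssl
import tempfile
from pathlib import Path

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def build_ca_bundle(ca_dir, bundle_path):
    """Write every distinct PEM certificate found in ca_dir to bundle_path.

    Chain files holding several certificates are split, and a certificate
    reachable more than once (single file, chain file, hash link) is written
    only once. Returns the number of certificates written.
    """
    bundle_path = Path(bundle_path).resolve()
    seen, blocks = set(), []
    for path in sorted(Path(ca_dir).iterdir()):
        # Skip sub-directories and a bundle left over from an earlier run.
        if not path.is_file() or path.resolve() == bundle_path:
            continue
        for pem in PEM_CERT.findall(path.read_text(errors="replace")):
            der = ssl.PEM_cert_to_DER_cert(pem)  # base64-decodes the body
            digest = hashlib.sha256(der).hexdigest()
            if digest not in seen:
                seen.add(digest)
                blocks.append(ssl.DER_cert_to_PEM_cert(der))
    bundle_path.write_text("".join(blocks))
    return len(blocks)


def demo():
    """Run on constructed placeholder data (not real X.509 certificates)."""
    names = (b"constructed-root-ca", b"constructed-intermediate-ca",
             b"constructed-own-ca")
    root, mid, own = (ssl.DER_cert_to_PEM_cert(n) for n in names)
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "root.pem").write_text(root)
        (d / "intermediate.pem").write_text(mid)
        (d / "own-ca.pem").write_text(own)
        (d / "chain.pem").write_text(own + mid + root)  # repeats all three
        (d / "notes.txt").write_text("no certificate in this file\n")
        out = d / "ca-bundle.pem"
        first = build_ca_bundle(d, out)
        second = build_ca_bundle(d, out)  # existing bundle is not re-read
        return first, second, out.read_text().count("BEGIN CERTIFICATE")
```

With real CA files, the resulting bundle can be sanity-checked by loading it with `ssl.SSLContext.load_verify_locations(cafile=...)`, which raises an error if a block is not a parseable certificate.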