[RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

Heikki Vatiainen hvn at open.com.au
Wed Feb 19 14:32:46 CST 2014


On 02/19/2014 10:08 PM, Jeffrey Smith wrote:

> Wed Feb 19 10:59:58 2014: ERR: EAP PEAP TLS read failed:  13601: 1 -
> error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied

Here's one more possibility from the list archives:
http://www.open.com.au/pipermail/radiator/2004-August/009982.html

I agree with Alan that the AP client probably does not care but the
other client does.

In addition to what has already been suggested, I'd check the Radiator
certificate to see the Extended Key Usage (EKU) is there.

http://support.microsoft.com/kb/814394

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list