[RADIATOR] Limits on EAPTLS_PrivateKeyPassword
Michael Hulko
mihulko at uwo.ca
Thu Jun 12 11:36:23 CDT 2014
We have just renewed our certificates on our servers, and windows clients are unable to authenticate.
Without having to select “Validate server certificate” in a wireless profile, Windows usually presents a security box informing you that the certificate may no be trusted and / or is not bound as the root anchor. From there you can continue and access is granted.
However, since implementing our new certificates,
Windows7 is not presenting any warnings, the radiator log files continue with challenges and requests continually.
Windows8 just rejects the authentication outright: Thu Jun 12 11:05:43 2014: ERR: EAP PEAP TLS read failed: 19984: 1 - error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
Thu Jun 12 11:05:43 2014: ERR: EAP PEAP TLS read failed: 19984: 1 - error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
If I take our original certificate that DOES work with Windows7 / 8, and I remove the PrivateKeyPassword or change it, I get the same behaviour on both OS’s.
So.. two things are likely the culprit, either the private key provided to create the cert is wrong… or Radiator limits what characters can be used for the private key.
Any assistance would be grateful
Michael Hulko
Network Analyst
Western University Canada
Network Operations Centre
Information Technology Services
1393 Western Road, SSB 3300CC
London, Ontario N6G 1G9
tel: 519-661-2111 x81390
e-mail: mihulko at uwo.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20140612/1dd72a0c/attachment.html
More information about the radiator
mailing list