[RADIATOR] Issue with EAP Authentication

Chris Phillips Chris.Phillips at canarie.ca
Tue Jul 28 18:27:14 UTC 2020

A quick google on the error gave me:




and this stood out to me: 


I had this problem with the OpenVPN for Android app. See the explanation in the following link.

I circumvented/fixed the problem by editing the openssl-1.0.0.cnf file in my easy-rsa directory and changing "default_md" from md5 to sha256 and then regenerating my certificates.


Seems like a path to take a look at.

I haven’t encountered the issue personally but would look at your certificate creation process to see if you can bump to SHA256 and regenerate the cert.






From: radiator <radiator-bounces at lists.open.com.au> on behalf of Brandon Shiers <brandon.shiers at cerento.com>
Date: Tuesday, July 28, 2020 at 1:00 PM
To: "radiator at lists.open.com.au" <radiator at lists.open.com.au>
Subject: [RADIATOR] Issue with EAP Authentication


We are working on migrating an EAPTLS setup from Radiator 3.13 up to Radiator 4.19.  I’ve moved the relevant certificates and configuration and when I try to have my endpoint device authenticate I’m getting the same error: 


Tue Jul 28 10:53:17 2020: ERR: TLS could not use_certificate_file /etc/radiator/cert/certificates/radius.pem, 1:  2956: 1 - error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak


The key is signed with 2048-bits and RSA encryption, md5.  I’m using the AuthbyFreeRadius handler for this.  


I sent a message yesterday but I wasn’t getting any replies, so I’m not sure if it was blocked due to spam or not.  I’m not sure where I need to go.  I don’t really want to regenerate new certificates but if that’s my only option I will.  I did set EAPTLS_SecurityLevel to 1 and that didn’t help.  


 Brandon Shiers, RF Engineer
 937 West Main Street
Riverton, WY 82501
 307.857.6704 (o)
307.840.2366 (c)
307.856.1499 (f)
BrandonS at wyoming.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20200728/1e5b9d12/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4340 bytes
Desc: not available
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20200728/1e5b9d12/attachment-0001.p7s>

More information about the radiator mailing list