[RADIATOR] Issue with EAP Authentication
Heikki Vatiainen
hvn at open.com.au
Wed Jul 29 12:21:03 UTC 2020

On 28.7.2020 20.00, Brandon Shiers wrote:
> Tue Jul 28 10:53:17 2020: ERR: TLS could not use_certificate_file
> /etc/radiator/cert/certificates/radius.pem, 1: 2956: 1 -
> error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
>
> The key is signed with 2048-bits and RSA encryption, md5. I’m using the
> AuthbyFreeRadius handler for this.
>
> I sent a message yesterday but I wasn’t getting any replies, so I’m not
> sure if it was blocked due to spam or not. I’m not sure where I need to
> go. I don’t really want to regenerate new certificates but if that’s my
> only option I will. I did set EAPTLS_SecurityLevel to 1 and that didn’t
> help.

For security levels, see this:
https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_get_security_level.html

It appears that even level 1 is too strict for MD5. Level 0 likely
works, but it might be a better idea to regenerate the certs like Chris
suggested.

Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.